|Applies To||RSA Key Manager Client|
|Issue||When should I use FIPSMode=false in RKM client configuration?|
When should I use FIPSMode=false in RKM client configuration?
What is FIPS?
Rule of thumb is that you need to set FIPSMode=false in RKM Client configuration if ONE of the following item is true:
|Notes||If you are using a PKCS #12 file that is not using FIPS algorithms, then you should set "FIPSMode=false" in the configuration to avoid errors such as 30013 (R_KM_ERROR_CERT_CHECK_FIPS). If the PKCS #12 file was exported from a Web browser, it is using a non-FIPS algorithm for password-based encryption, such as RC2, instead of a FIPS algorithm such as 3DES. A PKCS #12 file that uses a FIPS algorithm for password-based encryption can be created by using a program such as openssl.|
FIPS is important in some environments, such as in products used by the US government. If FIPS is not required in your environment, it is ok to use "FIPSMode=false".
cryptoFIPSmode is a setting that applies to the underlying cryptography product (RSA BSAFE Micro Edition Suite / Crypto-C ME). It is set to true by default, so that is the recommended setting.
For more information about FIPS, see
|Legacy Article ID||a52728|