10.0.0 products do not use a Federal Information Processing Standard (FIPS 140-2) approved encryption algorithm to protect the imk.dat file. Further, the 8.1 imk.dat file uses MD5, which is not a FIPS-approved algorithm. Hence, while upgrading from previous versions of products to Version 8.1, the imk.dat file needs to be regenerated in order to run in the FIPS mode.

In order to convert an existing installation to FIPS, use the sm_rebond (in non-FIPS mode) first to get everything re-encoded in a FIPS compatible way. The steps are as follows:

  1. Run the following command at the command line prompt:

                   sm_rebond --upgrade --basedir=BASEDIR/smarts
                   sm_rebond --upgrade --basedir=/opt/InCharge/MCAST/smarts
                   sm_rebond --upgrade --basedir=C:\InCharge\MCAST\smarts
  2. When prompted, type a password to regenerate the imk.dat file. The default password is Not a secret.

  3. Download and install the Unlimited Strength Jurisdiction Policy Files using the following steps:

  4. Go to http://www.oracle.com/technetwork/java/javase/downloads/index.html, and download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 from the Additional Resources section.

  5. Extract the local_policy.jar and US_export_policy.jar files from the downloaded zip file.

  6. Go to the BASEDIR/smarts/jre/lib/security directory, and then backup the existing policy files in this path.

  7. Overwrite the local_policy.jar and US_export_policy.jar files to the BASEDIR/smarts/jre/lib/security directory.

  8. Set the value for the environment variable, SM_FIPS140 to TRUE in the runcmd_env.sh file. This file is located in the BASEDIR/smarts/local/conf directory.