Managing FIPS 140-2 Level 3 Key Generation Mode

Enabling FIPS 140-2 Level 3 Key Generation Mode

Enabling 'FIPS 140-2 Level 3 Key Generation Mode' causes keys to be generated using the 'CKM_RSA_X9_31_KEY_PAIR_GEN' mechanism within the HSM. Do not enable this mode unless:

  • The Hardware Security Module supports this key generation mechanism;

  • Issuing the key pair using this key generation mechanism is mandatory.
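The first condition can be checked against the HSM before the mode is enabled. The following is an added example, not part of the OCSPd product or its documentation: it loads the vendor's PKCS#11 module and calls C_GetMechanismInfo for both mechanisms named on this page. The module path, the slot ID, the 2048-bit default key size and the helper names `assess` and `query` are assumptions, as is the module exporting its C_* functions directly.

```python
import ctypes
import sys

# Values from the PKCS#11 headers (pkcs11t.h).
CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000
CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A
CKF_HW = 0x00000001
CKF_GENERATE_KEY_PAIR = 0x00010000
CKR_OK = 0x00000000
CKR_MECHANISM_INVALID = 0x00000070

class CK_MECHANISM_INFO(ctypes.Structure):
    _fields_ = [("ulMinKeySize", ctypes.c_ulong),
                ("ulMaxKeySize", ctypes.c_ulong),
                ("flags", ctypes.c_ulong)]

def assess(rv, info, key_bits):
    """Turn a C_GetMechanismInfo result into (usable, reason) for key_bits-bit RSA."""
    if rv == CKR_MECHANISM_INVALID:
        return False, "mechanism not offered by this slot"
    if rv != CKR_OK:
        return False, "C_GetMechanismInfo returned 0x%08X" % rv
    if not info.flags & CKF_GENERATE_KEY_PAIR:
        return False, "listed, but not usable for key pair generation"
    if not info.ulMinKeySize <= key_bits <= info.ulMaxKeySize:
        return False, "key size outside %d..%d bits" % (info.ulMinKeySize, info.ulMaxKeySize)
    return True, "supported in hardware" if info.flags & CKF_HW else "supported (no CKF_HW flag)"

def query(module_path, slot_id, mechanism, key_bits=2048):
    """Ask the vendor PKCS#11 module whether slot_id offers the mechanism."""
    lib = ctypes.CDLL(module_path)  # assumption: module exports C_* symbols directly
    for fn in (lib.C_Initialize, lib.C_Finalize, lib.C_GetMechanismInfo):
        fn.restype = ctypes.c_ulong
    lib.C_Initialize.argtypes = lib.C_Finalize.argtypes = [ctypes.c_void_p]
    lib.C_GetMechanismInfo.argtypes = [ctypes.c_ulong, ctypes.c_ulong,
                                       ctypes.POINTER(CK_MECHANISM_INFO)]
    rv = lib.C_Initialize(None)
    if rv != CKR_OK:
        raise RuntimeError("C_Initialize returned 0x%08X" % rv)
    try:
        info = CK_MECHANISM_INFO()
        rv = lib.C_GetMechanismInfo(slot_id, mechanism, ctypes.byref(info))
        return assess(rv, info, key_bits)
    finally:
        lib.C_Finalize(None)

if __name__ == "__main__":  # usage: check.py <pkcs11-module path> <slot-id>
    for name in ("CKM_RSA_X9_31_KEY_PAIR_GEN", "CKM_RSA_PKCS_KEY_PAIR_GEN"):
        print(name, query(sys.argv[1], int(sys.argv[2]), globals()[name]))
```

If the X9.31 line reports anything other than supported, leave the slot in its default mode, where keys are generated with 'CKM_RSA_PKCS_KEY_PAIR_GEN'.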

Step 1: Access the OCSPd Web Management Console;

Step 2: In the 'Configuration' left menu, select 'Hardware Security Modules':

HSM Menu

Step 3: Click the 'FIPS Enabling Slot' button of the slot for which you want to enable FIPS 140-2 Level 3 Key Generation Mode:

Slot FIPS Menu

Step 4: FIPS 140-2 Level 3 is now enabled. New key pairs will be generated using the 'CKM_RSA_X9_31_KEY_PAIR_GEN' mechanism:

Slot FIPS enabled

Disabling FIPS 140-2 Level 3 Key Generation Mode

Step 1: Access the OCSPd Web Management Console;

Step 2: In the 'Configuration' left menu, select 'Hardware Security Modules':

HSM Menu

Step 3: Click the 'FIPS Disabling Slot' button of the slot for which you want to disable FIPS 140-2 Level 3 Key Generation Mode:

Slot FIPS Menu

Step 4: FIPS 140-2 Level 3 is now disabled. New key pairs will be generated using the 'CKM_RSA_PKCS_KEY_PAIR_GEN' mechanism:

Slot FIPS disabled