When attempting to install version 22.214.171.124 of VMware Identity Manager (vIDM), which has FIPS compliance enabled, administrators are unable to update to SSL certificates with a key size of 4096 bits. Per BouncyCastle FIPS API 1.0.0, a third-party component used in vIDM, FIPS does not support SSL certificates with a key size of 4096 bits. Updates to the key size limit will be implemented in future versions of vIDM as BouncyCastle FIPS API is updated. More information is located in the RSA Validation List.
Note: FIPS is disabled in vIDM versions 3.1 and lower.
A current workaround to the key size limitation is to install vIDM 3.1 for Linux or Windows, then upgrade vIDM to version 126.96.36.199. FIPS will be disabled by default and the key size of 4096 bits will be accepted. Please note the following:
- Organizations which must be FIPS compliant may install vIDM 188.8.131.52, however, an SSL certificate with a compatible key size (2048 or 3072) must be used.
- Organizations which look to be FIPS compliant in the future can migrate to the latest version or install the latest version of vIDM, however, until a key size of 4096 bits is supported by BouncyCastle API compatible SSL certificates will need to be used.
Other Languages: 日本語