Unable to update the new SSL cert with key size 4096 in VMware Identity Manager


When attempting to install version of VMware Identity Manager (vIDM), which has FIPS compliance enabled, administrators are unable to update to SSL certificates with a key size of 4096 bits. Per BouncyCastle FIPS API 1.0.0, a third-party component used in vIDM, FIPS does not support SSL certificates with a key size of 4096 bits. Updates to the key size limit will be implemented in future versions of vIDM as BouncyCastle FIPS API is updated. More information is located in the RSA Validation List.

Note: FIPS is disabled in vIDM versions 3.1 and lower. 


Customer Impact

A current workaround to the key size limitation is to install vIDM 3.1 for Linux or Windows, then upgrade vIDM to version FIPS will be disabled by default and the key size of 4096 bits will be accepted. Please note the following:

  • Organizations which must be FIPS compliant may install vIDM; however, an SSL certificate with a compatible key size (2048 or 3072) must be used.
  • Organizations which look to be FIPS compliant in the future can migrate to the latest version or install the latest version of vIDM; however, until a key size of 4096 bits is supported by BouncyCastle API, compatible SSL certificates will need to be used.
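
A pre-flight check for the key size limit above, as an added example (not VMware's tooling): it reads the public-key size of a PEM certificate and compares it with the compatible sizes listed in this article. It assumes the `openssl` CLI is installed; the function names and the throwaway `constructed.example` certificates are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: check a certificate's key size before uploading it to a
# FIPS-enabled vIDM. Function names are hypothetical, not part of vIDM.

# Key sizes this article lists as compatible with FIPS mode.
FIPS_OK_SIZES="2048 3072"

# Print the public-key size (bits) of a PEM certificate, empty on failure.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 if the given bit size is in the compatible list, 1 otherwise.
fips_key_size_ok() {
    for s in $FIPS_OK_SIZES; do
        [ "$1" = "$s" ] && return 0
    done
    return 1
}

# Check one file: 0 = compatible, 1 = incompatible size, 2 = unreadable.
check_cert() {
    bits=$(cert_key_bits "$1")
    if [ -z "$bits" ]; then
        echo "$1: could not read key size" >&2
        return 2
    fi
    if fips_key_size_ok "$bits"; then
        echo "$1: $bits-bit key, compatible with FIPS mode"
    else
        echo "$1: $bits-bit key, not accepted in FIPS mode (use $FIPS_OK_SIZES)"
        return 1
    fi
}

# Demo on constructed self-signed certificates (sample input, not real ones).
demo() {
    tmp=$(mktemp -d)
    for n in 2048 4096; do
        openssl req -x509 -newkey "rsa:$n" -nodes -days 1 \
            -subj "/CN=constructed.example" \
            -keyout "$tmp/$n.key" -out "$tmp/$n.pem" 2>/dev/null
        check_cert "$tmp/$n.pem" || true
    done
    rm -rf "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run with `--demo` to see both verdicts, or source the file and call `check_cert` on the certificate you intend to upload.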
