Perform the following steps:
- Open the station’s .
- On the User Key Store tab, select any certificate used by the station (e.g. the certificate used by the FoxService as its "foxs cert") and click
Export.
It is recommended to encrypt the private key; if encrypting the key, a FIPS-compliant password (14 characters or longer) must
be selected.
- In the Certificate Export window, click each of these checkboxes: Export the private key and Encrypt exported private key, and enter a FIPS-compliant password (14 characters or more) in the Password and Confirm Password fields.
- On the User Trust Store tab, for all certificates, click Export.
After the certificates have been exported, they can be re-imported to the station via the once it is restarted and running in FIPS mode. You can also import via a platform connection on the host on which the station
will run and double-click Certificate Management. This method can be done before the station is installed and running.
NOTE: If using a non-default certificate for the platform, fox or http TLS connections, be aware that these services will not be
able to start up properly the first time the station or platform starts up, because the required certificates will not be
available. To ensure connectivity, you can configure your station to use the default "tridium" certificate for the duration
of the migration, or enable non-TLS connections.
NOTE: FIPS mode only supports certificates with key sizes of 2048 and 3072. Certificates using other key size may not import or
function correctly.