Applies to: All versions of Centrify PAS on-premises (Centrify managed database) and connectors (this does not apply to customer managed databases).
Are Centrify PAS on-premises and its connectors able to use FIPS 140-2 validated cryptographic modules?
The PAS application server and its connectors do in fact, use the .NET library for crypto.
Both are tested and validated by QA on Windows Server 2012 R2 instances running in FIPS 140-2 compliant mode.
If the PAS server and the connector(s) are running on 2012 R2 instances configured for FIPS 140-2, we are a fully FIPS 140-2 compliant solution,
i.e. the crypto libraries used by PAS and the connectors will be constrained to FIPS 140-2 mode.
You should not change the FIPS configuration after installing PAS on-premises. Set the FIPS configuration mode first, then install.
Note: The above applies to Centrify managed database deployments. A customer managed database deployment will fail to connect to the database if FIPS is enabled. This will be fixed in a future release.