Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-9061: Are Centrify CPS On-Prem and its connectors able to use FIPS 140-2 validated cryptographic modules?

Privileged Access Service ,  

3 October,19 at 10:02 PM

Applies to: All versions of Centrify PAS on-premises (Centrify managed database) and connectors (this does not apply to customer managed databases).

Are Centrify PAS on-premises and its connectors able to use FIPS 140-2 validated cryptographic modules?


The PAS application server and its connectors do in fact, use the .NET library for crypto.

Both are tested and validated by QA on Windows Server 2012 R2 instances running in FIPS 140-2 compliant mode.

If the PAS server and the connector(s) are running on 2012 R2 instances configured for FIPS 140-2, we are a fully FIPS 140-2 compliant solution,
i.e. the crypto libraries used by PAS and the connectors will be constrained to FIPS 140-2 mode.

You should not change the FIPS configuration after installing PAS on-premises. Set the FIPS configuration mode first, then install.

Note: The above applies to Centrify managed database deployments. A customer managed database deployment will fail to connect to the database if FIPS is enabled. This will be fixed in a future release. 

Related Articles

No related Articles