Downgrading a device from Common Criteria mode to either FIPS mode or non-FIPS mode uses the same command. You cannot directly downgrade to FIPS mode; you first downgrade to non-FIPS mode, and then enable FIPS mode using the procedures detailed in the earlier chapter.
About this task
After the device is placed in non-FIPS mode, you can use SCP to download and initialize an older image. Use the following steps to revert to a non-FIPS-compliant image.
Procedure
- Log in to the device by entering your username and password.
- Disable Common Criteria mode by entering the `no fips enable` or `no fips enable common-criteria` command.
- Regenerate SSH host keys or other shared secrets as needed for access after reload.
- To replace the startup configuration with the `no fips enable` configuration, enter the `write memory` command.
- Reload the configuration by entering the `reload` command.