If you configure a Reflection Gateway server to authenticate with a PKCS#12 file, the file must be encrypted with a FIPS-compliant algorithm. If you cannot start the Transfer Client or Gateway Administrator after changing your server certificate, look for the text “Algorithm not allowable in FIPS140 mode” in the server.log file. This indicates that your PKCS#12 package does not use and approved algorithm.
You can use an installed script called reencryptpkcs12.bat to re-encrypt your package with a FIPS-compliant algorithm.
Before you begin
You need the PKCS#12 file (*.p12 or *.pfx) containing your CA-signed Reflection Gateway server certificate and private key.
You need to know the password that protects this file.
To re-encrypt a PKCS#12 file using a FIPS-approved algorithm
On the computer running the Reflection Transfer Server, open a command window running as an administrator.
Navigate to TransferServer\bin in the Reflection Gateway installation folder. The default location is:
C:\Program Files\Micro Focus\ReflectionGateway\Gateway\TransferServer\bin
Run the reencryptpkcs12 batch file using the following syntax:
reencryptpkcs12 non_fips.p12 fips.p12
Replace non_fips.p12 with the name of your existing file, and fips.p12 with the name you want to give the re-encrypted file. Include full path information if the files are not in the current folder.
Enter passwords when prompted using the same password for the destination and source keystore.
NOTE:If these passwords don't match, the server will not be able to use the keystore.