Migrate PKCS#12 or JCEKS keystores to BCFKS keystores

You can use an installed script called migrated_keystore.bat to convert your PKCS#12 or JCEKS keystores to BCFKS keystores.

This script examines the container.properties to find custom keystores that have been added and automatically converts them to BCFKS.

IMPORTANT:You need to know the password that protects this file.

Before you begin

  1. Open a command window.

  2. Run the following two commands to place Java in the default path:

    set JAVA_HOME="c:\Program Files\Common Files\Micro Focus\ServerJDK\1.8.0_151"
    set PATH=%JAVA_HOME%\bin;%PATH%

To re-encrypt a PKCS#12 file using a FIPS-approved algorithm

  1. On the computer running the Reflection Transfer Server, open a command window running as an administrator.

  2. Navigate to TransferServer\bin in the Reflection Gateway installation folder. The default location is:

    C:\Program Files\Micro Focus\ReflectionGateway\Gateway\TransferServer\bin

  3. Run the migrated_keystore.bat batch file.

  4. Modify the container.properties and update the following settings:

    servletengine.ssl.keystore=..\etc\migrated.bcfks
    servletengine.ssl.keystoretype=BCFKS

    NOTE:If these passwords don't match, the server will not be able to use the keystore.