Re-encrypt a PKCS#12 file to Use Stronger Encryption

If you configure a Web Edition server to authenticate with a PKCS#12 file, the file must be encrypted with a FIPS-approved algorithm. If the encryption is too weak, your browser will not be able to connect to the service and the console log file will include a message saying "java.io.IOException: Could not decrypt data." You can use the keytool utility to re-encrypt your package.

To re-encrypt a PKCS#12 file using a FIPS-approved algorithm

  1. Open a Command Prompt window running as an administrator. (Start > All Programs > Accessories, right-click Command Prompt > Run as administrator.)
  2. Use a SET command to add the keytool folder to your path.

    SET PATH=%PATH%;C:\Program Files\Common Files\Attachmate\JRE\1.7.0_21\bin

  3. Define a variable called RWE_ROOT that points to your Web Edition installation folder. For example, if you installed to the default location:

    SET RWE_ROOT=C:\Program Files\Attachmate\RSecureWebEdition

  4. Run the following command, replacing nonfips.p12 and fips.p12 with your source and destination filenames. (This should all be on one line. Hyphens shown here are all required characters. Ensure that there are no spaces after hyphens and semicolons.)

    keytool -providerName JsafeJCE -providerClass com.rsa.jsafe.provider.JsafeJCE -providerPath "%RWE_ROOT%\UserManager\lib\cryptojce-6.1.jar;%RWE_ROOT%\UserManager\lib\cryptojcommon-6.1.jar;%RWE_ROOT%\UserManager\lib\jcmFIPS-6.1.jar" -importkeystore -srcstoretype PKCS12 -srckeystore nonfips.p12 -destkeystore fips.p12 -deststoretype PKCS12