Manual Processing for AS2 System Keys

AS2 system keys are converted to a format that FIPS supports. The FIPS script creates copies of the protocol key and appends "[FIPS]" to the AS2 private key description.

Depending on how your transfer services are defined, you may need to do some manual work when enabling or disabling FIPS mode. This can be necessary for the following reasons:
  • FIPS mode does not support the old AS2 system key format.
  • Non-FIPS mode supports the converted AS2 keys.

Procedure

  1. Define the AS2 system key to be used in the following way:
    • Use a Default Key. Select Use Default.
    MFT selects the default key and finds the correct key to use. You do not need to do anything else, unless a key was deleted after executing the FIPS script.
  2. Review the defined AS2 system key to make sure it is compatible with the FIPS mode.
    • For the AS2 Server, the server definition defines the AS2 system key. You must update all of the server definitions to make sure that the proper key type is used. Use the following admin page to update server definitions:
      • Navigate to Servers > Manage Servers
      • In the Selection criteria box, change Server Type to AS2 and click Search. A list of AS2 Servers is displayed in the results table.
      • Click Server name for each server and open the AS2 Options box. Make sure that the Encryption System Key and Signing System Key values are correct for the FIPS mode you use.