Running Perception on a server with FIPS mode enabled | Questionmark

Running Perception on a server with FIPS mode enabled

Applies to the following products: 
Questionmark Perception
Applies to the following Perception versions: 
Perception 5.7

If you want to run Perception 5.7 on a server with FIPS enabled, you must not run other applications on your Perception server and you'll need to make the following changes to the server's .NET configuration. After you've installed Perception 5.7, you will need to:

  1. Open the machine.config files in the following locations on your all servers that contain Perception components:
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\
  2. At the end of the <configuration> section (just before </configuration>), add the following code:

    <mscorlib>

    <cryptographySettings>

    <cryptoNameMapping>

     

    <cryptoClasses>

    <cryptoClass SHA512="System.Security.Cryptography.SHA512Cng, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>

    <cryptoClass SHA384="System.Security.Cryptography.SHA384Cng, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>

    <cryptoClass SHA256="System.Security.Cryptography.SHA256Cng, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>

    <cryptoClass HMACSHA512="Security.Cryptography.HMACSHA512Cng, Security.Cryptography, Version=1.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

    <cryptoClass HMACSHA384="Security.Cryptography.HMACSHA384Cng, Security.Cryptography, Version=1.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

    <cryptoClass HMACSHA256="Security.Cryptography.HMACSHA256Cng, Security.Cryptography, Version=1.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>

    <cryptoClass SymmetricEncryption="System.Security.Cryptography.AesCryptoServiceProvider, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>

    </cryptoClasses>

    <nameEntry name="System.Security.Cryptography.SHA512" class="SHA512"/>

    <nameEntry name="System.Security.Cryptography.SHA384" class="SHA384"/>

    <nameEntry name="System.Security.Cryptography.SHA256" class="SHA256"/>

    <nameEntry name="System.Security.Cryptography.HMACSHA256" class="HMACSHA256"/>

    <nameEntry name="HMACSHA512" class="HMACSHA512"/>

    <nameEntry name="HMACSHA384" class="HMACSHA384"/>

    <nameEntry name="HMACSHA256" class="HMACSHA256"/>

    <nameEntry name="System.Security.Cryptography.SymmetricAlgorithm" class="SymmetricEncryption"/>

    </cryptoNameMapping>

    </cryptographySettings>

    </mscorlib>

  3. Save the changes you've made to the machine.config files on your Perception servers.

These changes must be made to the machine.config files on all servers that have Perception components installed on them (i.e., in multi-tiered and load-balanced installations).