As of Blue Cedar 3.21.1, the FIPS module is based on OpenSSL. This change affects some functionality on the gateway.
Note these limitations:
Certificate enrollment is only tested and supported using Microsoft NDES 2012.
Microsoft NDES 2008 does not work due to its use of obsolete cryptographic algorithms that are not supported by the FIPS module.
Rotating passwords in MS NDES (all versions) do not work when FIPS is enabled. Single passwords work fine. Rotating password support requires the configuration of a service account with an associated password, which causes an NTLM authentication handshake with a dependency on a hash algorithm (MD5) that is not supported in FIPS mode.
The FIPS module cannot handle identity certificates encrypted using RC2. The PKCS7 data embedded in base-64 encoded PKCS12 cannot be parsed if it is encrypted with RC2. Most customer certificates issued by a certificate authority are not expected to be impacted.
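To check in advance whether an identity certificate falls under the RC2 limitation, the PKCS12 can be inspected without its password, because the algorithm identifiers that describe how each part is encrypted sit outside the ciphertext. The following is an added example, not Blue Cedar code: the function names and the skeleton sample are constructed for illustration, and it assumes definite-length DER encoding.

```python
import base64

# DER content bytes of the RC2 algorithm OIDs a PKCS#12 can reference.
RC2_OIDS = {
    bytes.fromhex("2a864886f70d010c0105"): "pbeWithSHAAnd128BitRC2-CBC",  # 1.2.840.113549.1.12.1.5
    bytes.fromhex("2a864886f70d010c0106"): "pbeWithSHAAnd40BitRC2-CBC",   # 1.2.840.113549.1.12.1.6
    bytes.fromhex("2a864886f70d0302"): "rc2-cbc (PBES2 cipher)",          # 1.2.840.113549.3.2
}

def walk_oids(data):
    """Yield the content bytes of each OID in definite-length DER, descending
    into constructed types and into OCTET STRINGs that wrap further DER."""
    pos = 0
    while pos < len(data):
        tag, length, pos = data[pos], data[pos + 1], pos + 2
        if length & 0x80:  # long-form length: low 7 bits give the byte count
            count = length & 0x7F
            length, pos = int.from_bytes(data[pos:pos + count], "big"), pos + count
        body, pos = data[pos:pos + length], pos + length
        if tag == 0x06:
            yield body
        elif tag & 0x20 or tag == 0x04:
            try:
                yield from walk_oids(body)
            except IndexError:
                pass  # opaque OCTET STRING (salt, ciphertext), not nested DER

def rc2_usage(p12_b64):
    """Names of the RC2 algorithms referenced by a base64-encoded PKCS#12."""
    found = {RC2_OIDS.get(oid) for oid in walk_oids(base64.b64decode(p12_b64))}
    return sorted(name for name in found if name)

def tlv(tag, *parts):
    """Short-form DER encoder, used only to build the constructed sample."""
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_pfx(pbe_oid_body):
    """Constructed skeleton of a PFX (layout only, not a usable keystore)."""
    data, enc = bytes.fromhex("06092a864886f70d010701"), bytes.fromhex("06092a864886f70d010706")
    alg = tlv(0x30, tlv(0x06, pbe_oid_body), tlv(0x30, tlv(0x04, b"\x11" * 8), b"\x02\x02\x08\x00"))
    enc_data = tlv(0x30, b"\x02\x01\x00", tlv(0x30, data, alg, tlv(0x80, b"\x00" * 16)))
    safe = tlv(0x30, tlv(0x30, enc, tlv(0xA0, enc_data)))
    pfx = tlv(0x30, b"\x02\x01\x03", tlv(0x30, data, tlv(0xA0, tlv(0x04, safe))))
    return base64.b64encode(pfx)

if __name__ == "__main__":
    print(rc2_usage(sample_pfx(bytes.fromhex("2a864886f70d010c0106"))))
```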