Enable FIPS

Last updated Friday, August 11, 2017 in Sitecore Experience Platform for Administrator
Keywords: Configuration, Security

Note

This feature is available in Sitecore 8.2, Update 5, and later.

f you enable the Use FIPS compliant algorithms for encryption, hashing, and signing security policy option in Windows, you must enable the correct cryptographic classes for Sitecore.

To enable the Sitecore FIPS support:

  1. Go to the /Website/bin folder of your Sitecore instance.
  2. Right-click the Sitecore.Kernel.dll file and select Properties.
  3. On the Details tab, note the value of the File version property:

    Of this

  4. Open the machine.config file. This file is in different folders on 32- and on 64-bit systems:
    • On a 32-bit system, it is in the %windir%\Microsoft.NET\Framework\<DotNetVersion>\Config\machine.config folder.
    • On a 64-bit system, it is in the %windir%\Microsoft.NET\Framework64\<DotNetVersion>\Config\machine.config folder.
  5. Add the following node to the file:
    <configuration>
        <!-- Other configuration settings -->
        <mscorlib>
            <cryptographySettings>
                <cryptoNameMapping>
                    <cryptoClasses>
                        <cryptoClass AESPROXY="Sitecore.SecurityModel.Cryptography.AesCryptoServiceProviderProxy, Sitecore.Kernel, Version=XX.X.X.XXXX, Culture=neutral"/>
                    </cryptoClasses>
                    <nameEntry name="Rijndael" class="AESPROXY"/>
                    <nameEntry name="System.Security.Cryptography.Rijndael" class="AESPROXY"/>
                    <nameEntry name="System.Security.Cryptography.RijndaelManaged" class="AESPROXY"/>
                    <nameEntry name="AesManaged" class="AESPROXY"/>
                   <nameEntry name="System.Security.Cryptography.AesManaged" class="AESPROXY"/>
                </cryptoNameMapping>
            </cryptographySettings>
        </mscorlib>
    </configuration>

    Use the file version value you noted in step 3 as the value of Sitecore.Kernel.Version (marked as XX.X.X.XXXX above).

  6. Optionally, reset the Internet Information Services.

Send feedback about the documentation to docsite@sitecore.net.