KB Article #164607
Error importing certificate: insaneCertificate - FIPS enabled Interchange / CSOS
Problem
-- FIPS enabled installation of Interchange version 5.10.1 SP6, 5.10 SP11, 5.9 SP9, or 5.8 SP13 (or higher)
-- Certificate fails to install
-- Certificate is displayed in the Windows Certificate Manager, or in an earlier Interchange UI, as having one of the allowed encryption lengths (1024, 2048, or 3072)
-- Error in logs/ui/[hostname]_cn_error.log.000001: ...ErrorReport: ErrorID: error.certificate.insaneCertificate
com.cyclonecommerce.crossworks.x509.UnverifiedSelfSignedX509CertificateException...
-- Error in UI:
   Invalid certificate
   The certificate you are attempting to import is invalid.
   Request a different file to import
   Inform the person that supplied you with the certificate that it is invalid and ask them to provide you with a new certificate.
Resolution
The certificate's actual length might not be the displayed length in Windows Certificate Manager or Interchange UI.
To find the actual length of the public key, inspect the certificate with openssl. The certificate must be in base-64 encoded X.509 format:
openssl x509 -text -in [certificate]
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0001
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=AZ, L=Phoenix, O=Axway, CN= Support
        Validity
            Not Before: [START_DATE]
            Not After : [END_DATE]
        Subject: C=US, ST=AZ, L=Phoenix, O=Axway, CN=Support
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1023 bit) <--- not 1024, 2048, or 3072!
                Modulus:
                    75:57:20:93:ea:e9:bf:53:f5:1b:c3:32:b9:58:43:
                    43:16:3e:a1:31:3f:97:53:35:b9:ee:f8:b1:eb:89:
                    ...
As per FIPS regulations, only certificates with a key-length of 1024, 2048, or 3072 are allowed. Please ask your partner to provide a certificate with a key-length as defined in the FIPS regulations: http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf.
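The check above can be scripted before a partner certificate is imported. The following is an added example, not Axway code: it goes one step beyond reading the "Public-Key" line by computing the bit length from the modulus dump in `openssl x509 -text` output and testing it against the three lengths listed in this article. The function names, the `render_modulus` helper and both sample moduli are constructed for illustration.

```python
import re

# Key lengths this article lists as accepted by a FIPS enabled installation.
ALLOWED_BITS = {1024, 2048, 3072}

def render_modulus(n):
    """Sample helper (constructed): lay out n the way `openssl x509 -text` prints a modulus."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw  # DER INTEGER sign byte, shown by openssl as a leading 00
    pairs = [f"{b:02x}" for b in raw]
    rows = [":".join(pairs[i:i + 15]) for i in range(0, len(pairs), 15)]
    body = ":\n".join("    " + r for r in rows)
    return "Modulus:\n" + body + "\nExponent: 65537 (0x10001)\n"

def actual_key_bits(text):
    """Return the true bit length of the RSA modulus found in openssl text output."""
    m = re.search(r"Modulus:\s*((?:[0-9a-fA-F]{2}[:\s]*)+)", text)
    if m is None:
        raise ValueError("no RSA modulus in input")
    hex_digits = re.sub(r"[^0-9a-fA-F]", "", m.group(1))
    # Leading zero bits do not count: int() drops them, bit_length() measures the rest.
    return int(hex_digits, 16).bit_length()

def fips_length_ok(text):
    """Return (bits, allowed) for the certificate text."""
    bits = actual_key_bits(text)
    return bits, bits in ALLOWED_BITS

# Constructed sample moduli, not real keys. Both fill 128 bytes, so a length
# rounded to whole bytes reads 1024 for each; only the bit count differs.
N_1023 = (0x75 << 1016) | 1  # top byte 0x75: highest bit clear -> 1023 bits
N_1024 = (0xF5 << 1016) | 1  # top byte 0xf5: highest bit set   -> 1024 bits

if __name__ == "__main__":
    for n in (N_1023, N_1024):
        print(fips_length_ok(render_modulus(n)))
```

A modulus dump that starts directly with a byte below 80, with no leading 00, is the visible sign of a key one or more bits short of its byte length.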