  1. JBoss Enterprise Application Platform
  2. JBEAP-3688

Document configuration for running domain mode with the JVM in FIPS mode


Details

    • Documentation
    • Status: Closed
    • Major
    • Resolution: Duplicate Issue
    • None
    • None
    • Documentation
    • None

    Description

      By default in domain mode, the JBoss server instance code creates a custom TrustManager instance. This is not allowed while running the JVM in FIPS mode. As a result, to resolve this issue the server instance needs to be configured to use the TrustManager instance provided by the JVM. This can be accomplished by using the following JBoss CLI command or modifying the host.xml file directly:

      CLI:

      /host=master/server-config=server-one/ssl=loopback:add(ssl-protocol=TLS, trust-manager-algorithm=SunX509, truststore-type=JKS)

      XML:

      <servers>
          <server name="server-one" group="main-server-group">
              <ssl ssl-protocol="TLS" trust-manager-algorithm="SunX509" truststore-type="JKS"/>
          </server>
          ...
          ...
      </servers>


          People

            zrhoads Zach Rhoads (Inactive)
            rhn-support-dehort Derek Horton
            Martin Choma Martin Choma
