Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Trivial
Fix Version/s: None
Affects Version/s: 7.0.0.ER6
Component/s: Management, Security
Labels:
None

Affects:

Documentation (Ref Guide, User Guide, etc.)
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.backlog.GA

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

User can't start domain in FIPS mode when JKS keystore is used in master <-> slave host controllers communication. (Using PKCS11 keystore works well)

[Host Controller] 14:05:47,900 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service jboss.server.controller.management.security_realm.MasterManagementRealm.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.MasterManagementRealm.key-manager: WFLYDM0018: Unable to start service
[Host Controller]       at org.jboss.as.domain.management.security.AbstractKeyManagerService.start(AbstractKeyManagerService.java:89)
[Host Controller]       at org.jboss.as.domain.management.security.FileKeyManagerService.start(FileKeyManagerService.java:147)
[Host Controller]       at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
[Host Controller]       at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
[Host Controller]       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[Host Controller]       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[Host Controller]       at java.lang.Thread.run(Thread.java:745)
[Host Controller] Caused by: java.security.KeyStoreException: FIPS mode: KeyStore must be from provider SunPKCS11-testPkcs
[Host Controller]       at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:67)
[Host Controller]       at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
[Host Controller]       at org.jboss.as.domain.management.security.AbstractKeyManagerService.createKeyManagers(AbstractKeyManagerService.java:121)
[Host Controller]       at org.jboss.as.domain.management.security.AbstractKeyManagerService.start(AbstractKeyManagerService.java:83)
[Host Controller]       ... 6 more

If I understood from code correctly [1], there is nothing EAP can do about it. Just adding here for reference.

[1] http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u40-b25/sun/security/ssl/KeyManagerFactoryImpl.java#65

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

test.out
27 kB
2016/03/11 8:23 AM

blocks

JBEAP-4120 FIPS mode issues

Resolved

Assignee:: Darran Lofthouse

Reporter:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2016/03/11 8:24 AM

Updated:: 2020/09/14 5:31 AM

Resolved:: 2016/09/22 8:22 AM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates