JBoss Web Server / JWS-1739

unable to make tomcat9/jws5 FIPS-compliant with NSS


    • Bug
    • Resolution: Done
    • Critical
    • 5.4.0.CR2
    • 5.3.1.GA
    • tomcat

      1. install jws5-tomcat

      # yum groupinstall jws5
      

      2. configure FIPS, referring to https://access.redhat.com/solutions/42301

      3. start jws5-tomcat

      # systemctl start jws5-tomcat
      

      When configuring tomcat9 to be FIPS-compliant by referring to https://access.redhat.com/solutions/42301, tomcat9 is unable to start and shows the following error message:

      08-Jul-2020 03:49:41.504 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
              org.apache.catalina.LifecycleException: Protocol handler initialization failed                                         
                      at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)                                      
                      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) 
                      at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
                      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                      at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1057)
                      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                      at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
                      at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
                      at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                      at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                      at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                      at java.base/java.lang.reflect.Method.invoke(Method.java:566)
                      at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
                      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
              Caused by: java.lang.IllegalArgumentException: FIPS mode: only SunJSSE KeyManagers may be used
                      at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
                      at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
                      at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217)
                      at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
                      at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1154)
                      at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:575)
                      at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
                      at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
                      ... 13 more 
              Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be used
                      at java.base/sun.security.ssl.SSLContextImpl.chooseKeyManager(SSLContextImpl.java:166)
                      at java.base/sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:82)
                      at java.base/javax.net.ssl.SSLContext.init(SSLContext.java:297)
                      at org.apache.tomcat.util.net.jsse.JSSESSLContext.init(JSSESSLContext.java:53)
                      at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
                      at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
                      ... 20 more 
      

        1. patch.JWS-1739
          1 kB
          Jean-Frederic Clere

              rhn-support-csutherl Coty Sutherland
              rhn-support-hokuda Hisanobu Okuda
              Athanasios Ploumis Athanasios Ploumis (Inactive)