-
Bug
-
Resolution: Done
-
Blocker
-
None
When trying to connect with CLI to server using PKCS11 (and FIPS):
- CLI can connect with the old workaround described in 7.0 documentation
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=NONE -Djavax.net.ssl.trustStoreType=PKCS11" JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStore=NONE -Djavax.net.ssl.keyStoreType=PKCS11 -Djavax.net.ssl.keyStorePassword=imapassword"
- When providing -Dwildfly.config.url, no matter what's in the path (even if it's non-existent file), CLI throws following error:
java.security.KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used: FIPS mode: only SunJSSE TrustManagers may be used
- If I set up BOTH the JAVA_OPTS and wildfly-config.xml, the config is parsed properly (throwing errors in case of wrong path, malformed xml etc.) and CLI connects successfully.
I'm marking it as a blocker now, since this is basically the functionality required by EAP7-610. But the old workaround still works just fine, so I think this isn't high priority if we're ok to postpone the RFE.
- clones
-
JBEAP-11744 CLI with PKCS11 keystore cannot connect to server and throws java.security.KeyManagementException
- Closed