Question about NSS and FIPS 140-2 Cryptography for JBoss 5.1 on Windows 7

Comments 2

Running JBoss EAP 5.1 on Windows 7, we are following these guidelines for using NSS to enable FIPS 140-2 compliant cryptography modules:

https://access.redhat.com/knowledge/solutions/42301

The instructions say to edit $JAVA_HOME/jre/lib/security/java.security
and add this security provider:

security.provider.1=sun.security.pkcs11.SunPKCS11 /path/to/nss_pkcs11_fips.cfg

My question is, how do you specify /path/to/nss_pkcs11_fips.cfg? Is it relative to JAVA_HOME? Can the path be absolute? Does it matter where nss_pkcs11_fips.cfg is?

Thanks.

Started 2012-11-26T19:48:53+00:00 by

Harold Owen

Community Member 45 points

Responses

MD Red Hat Active Contributor 145 points

27 November 2012 7:45 PM

Matt Davis

Harold, it's been a few months since I tested the process, but I recall setting the absolute path to the file. For the location I had placed it in a temp directory just for testing purposes. If for some reason you don't get this working, open a case and they should be able to step you through the process.

HO Community Member 45 points

11 December 2012 2:30 PM

Harold Owen

Thanks, Matt. Your suggestion for the absolute path worked. Also, it appears that the path should use forward slashes, and not backslashes. For example:

security.provider.1=sun.security.pkcs11.SunPKCS11 c:/nssdb/nss_pkcs11_fips.cfg

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

Question about NSS and FIPS 140-2 Cryptography for JBoss 5.1 on Windows 7

Responses