NoSuchAlgorithmException: PKCS11 KeyStore not available in Red Hat middleware products

Solution Verified - Updated -

Issue

  • We are getting this error in JBoss EAP when specifying the keystore type to PKCS11 for example in the web subsystem:
            <subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
                <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"></connector>
                <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
                    <ssl password="password" keystore-type="PKCS11"></ssl>

Caused by: java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available
  at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) [rt.jar:1.8.0_162]
  at java.security.Security.getImpl(Security.java:695) [rt.jar:1.8.0_162]
  at java.security.KeyStore.getInstance(KeyStore.java:848) [rt.jar:1.8.0_162]
  ... 6 more
  • I'm getting the following error message from Fuse on Karaf running in DEBUG mode when installing the camel-jasypt feature
karaf> log:set DEBUG; feature:install camel-jasypt; log:set INFO

2019-05-08 16:52:16,702 | DEBUG | l console user karaf | .o.LoggingCommandSessionListener | 144 - org.apache.karaf.shell.core - 4.2.0.fuse-720061-redhat-00001 | Executing command: 'log:set DEBUG; feature:install camel-jasypt; log:set INFO'
....
2019-05-08 16:52:17,112 | DEBUG | ownloader-4-thread-8 | olingHttpClientConnectionManager | 5 - org.ops4j.pax.url.mvn - 2.5.4.redhat-1 | Connection released: [id: 0][route: {s}->https://repo1.maven.org:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 40]
2019-05-08 16:52:17,113 | INFO  | ownloader-4-thread-8 | s.o.a.h.i.e.RetryExec            | 5 - org.ops4j.pax.url.mvn - 2.5.4.redhat-1 | I/O exception (java.net.SocketException) caught when processing request to {s}->https://repo1.maven.org:443: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
2019-05-08 16:52:17,113 | DEBUG | ownloader-4-thread-8 | s.o.a.h.i.e.RetryExec            | 5 - org.ops4j.pax.url.mvn - 2.5.4.redhat-1 | java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
    at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:248) ~[?:?]
    at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:270) ~[?:?]
...
Caused by: java.security.KeyStoreException: pkcs11 not found
    at java.security.KeyStore.getInstance(KeyStore.java:851) ~[?:?]
    at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:214) ~[?:?]
...
Caused by: java.security.NoSuchAlgorithmException: pkcs11 KeyStore not available
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) ~[?:?]

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 7
    • 6
  • Red Hat Fuse
    • 7.2
  • Java

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content