Can't configure JBoss EAP 6 to be FIPS 140-2 compliant
Issue
We are using JBoss EAP 6.0.0 with NSS to make JBoss SSL FIPS 140-2 compliant. We are following the instructions in knowledgebase article DOC-45951. However, the following exception is thrown when JBoss is started:
13:50:30,719 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-3) Error initializing endpoint: java.io.IOException: FIPS mode: only SunJSSE KeyManagers may be used
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:498) [jbossweb-7.0.16.Final-redhat-1.jar:]
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168) [jbossweb-7.0.16.Final-redhat-1.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:978) [jbossweb-7.0.16.Final-redhat-1.jar:]
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.16.Final-redhat-1.jar:]
    at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.16.Final-redhat-1.jar:]
    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA-redhat-1.jar:1.0.2.GA-redhat-1]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA-redhat-1.jar:1.0.2.GA-redhat-1]
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_21]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_21]
    at java.lang.Thread.run(Thread.java:619) [rt.jar:1.6.0_21]
Environment
- JBoss Enterprise Application Platform (EAP)
- 6.0.0