Can't configure JBoss EAP 6 to be FIPS 140-2 compliant
Issue
We are using JBoss EAP 6.0.0 with NSS to make JBoss FIPS-140-2 compliant SSL. We are following the instructions in knowledgebase article DOC-45951. However, the following exception is thrown when JBoss is started:
13:50:30,719 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-3) Error initializing endpoint: java.io.IOException: FIPS mode: only SunJSSE KeyManagers may be used
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:498) [jbossweb-7.0.16.Final-redhat-1.jar:]
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168) [jbossweb-7.0.16.Final-redhat-1.jar:]
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:978) [jbossweb-7.0.16.Final-redhat-1.jar:]
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.16.Final-redhat-1.jar:]
at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.16.Final-redhat-1.jar:]
at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA-redhat-1.jar:1.0.2.GA-redhat-1]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA-redhat-1.jar:1.0.2.GA-redhat-1]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_21]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_21]
at java.lang.Thread.run(Thread.java:619) [rt.jar:1.6.0_21]
Environment
- JBoss Enterprise Application Platform (EAP)
- 6.0.0
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Close
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.