Hello Dev,

In the last 3 weeks, I have successfully set up NiFi on Non-FIPS RHEL 9 with
keystore/truststore using both PKCS12 and BCFKS, LDAPS to an Active
Directory Server, and using S2S with another instance as well.

Now I'm loading a third (standalone) node to get nifi running in RHEL 9 FIPS
mode (installed in FIPS, not converted). I grabbed the M4 nifi package
(can't wait to see dark mode). Originally I thought BCFKS would work using
the bcprov-jdk18on-1.78.1.jar like it did for me in M3 in Non-FIPS mode.
But upon nifi start I received the error in nifi-app.log:

"Caused by: java.security.KeyStoreException: BCFKS not found
        at java.base/java.security.KeyStore.getInstance(KeyStore.java:873)
        at org.apache.nifi.security.ssl.StandardKeyStoreBuilder.getKeyStore(StandardKeyStoreBuilder.java:108)
        ... 9 common frames omitted
Caused by: java.security.NoSuchAlgorithmException: BCFKS KeyStore not available"

My thought is that bcprov-jdk18on-1.78.1.jar isn't the bouncycastle Java
FIPS jar, and so maybe RHEL 9 FIPS mode will not allow it to load? And if it
did, I'm not sure if it would be FIPS compliant.

I have downloaded the bouncycastle Java FIPS bc-fips-1.0.2.4.jar,
bcpkix-fips-1.0.7.jar, and bctls-fips-1.0.19.jar.  I was thinking somehow
these might be able to be used, but I'm not sure how I would get nifi to use
them.

Although I'm a seasoned systems integrator, I'm fairly green on RHEL, very
green on Java, and have only used Nifi for a few weeks.  I was hoping to get
your expertise on next steps. Many thanks for any assistance you might be
able to provide!

Respectfully,

Will Mallett  |  ProVisus Solutions, LLC
office:  757-410-8820

wmall...@provisus-solutions.com
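The "BCFKS not found" exception in the message above is raised by `KeyStore.getInstance` when no security provider registered in the running JVM offers that keystore type. The following diagnostic is an added example, not part of the original message and not NiFi code; it uses only standard `java.security` calls, and the class name `KeyStoreTypeCheck` is hypothetical. It lists the keystore types each registered provider offers and repeats the lookup from the failing stack frame.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;

// Hypothetical diagnostic class; the name is chosen for this example.
public class KeyStoreTypeCheck {

    // Map each registered provider to the KeyStore types it offers.
    static Map<String, TreeSet<String>> keyStoreTypesByProvider() {
        Map<String, TreeSet<String>> result = new TreeMap<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("KeyStore".equals(s.getType())) {
                    result.computeIfAbsent(p.getName(), k -> new TreeSet<>())
                          .add(s.getAlgorithm());
                }
            }
        }
        return result;
    }

    // Same lookup as the failing frame in the trace: KeyStore.getInstance(type).
    static String resolve(String type) {
        try {
            Provider p = KeyStore.getInstance(type).getProvider();
            return type + " -> " + p.getName() + " " + p.getVersionStr();
        } catch (KeyStoreException e) {
            return type + " -> not available (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println("KeyStore types by registered provider:");
        keyStoreTypesByProvider().forEach((name, types) ->
            System.out.println("  " + name + ": " + types));
        // Defaults are the two keystore types named in the message.
        String[] types = args.length > 0 ? args : new String[] {"BCFKS", "PKCS12"};
        for (String t : types) {
            System.out.println(resolve(t));
        }
    }
}
```

Run it with the same `java` binary and JVM options that start NiFi, because the provider list depends on that JVM's security configuration. A provider jar on the classpath only appears in the output once the provider is registered with the JVM.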