Hello Dev,
In the last 3 weeks, I have successfully set up NiFi on Non-FIPS RHEL 9 with keystore/truststore using both PKCS12 and BCFKS, LDAPS to an Active Directory Server, and using S2S with another instance as well. Now I'm loading a third (standalone) node to get nifi running in RHEL 9 FIPS mode (installed in FIPS, not converted). I grabbed the M4 nifi package (can't wait to see dark mode). Originally I thought BCFKS would work using the bcprov-jdk18on-1.78.1.jar like it did for me in M3 in Non-FIPS mode. But upon nifi start I received the error in nifi-app.log "Caused by: java.security.KeyStoreException: BCFKS not found at java.base/java.security.KeyStore.getInstance(KeyStore.java:873) at org.apache.nifi.security.ssl.StandardKeyStoreBuilder.getKeyStore(StandardKey StoreBuilder.java:108) ... 9 common frames omitted Caused by: java.security.NoSuchAlgorithmException: BCFKS KeyStore not available" My thought is that bcprov-jdk18on-1.78.1.jar isn't the bouncycastle Java FIPS jar, and so maybe RHEL 9 FIPS mode will not allow it to load? And if it did, I'm not sure if it would be FIPS compliant. I have downloaded the bouncycastle Java FIPS bc-fips-1.0.2.4.jar, bcpkix-fips-1.0.7.jar, and bctls-fips-1.0.19.jar. I was thinking somehow these might be able to be used, but I'm not sure how I would get nifi to use them. Although I'm a seasoned systems integrator, I'm fairly green on RHEL, very green on Java, and have only used Nifi for a few weeks. I was hoping to get your expertise on next steps. Many thanks for any assistance you might be able to provide! Respectfully, Will Mallett | ProVisus Solutions, LLC office: 757-410-8820 <mailto:wmall...@provisus-solutions.com> wmall...@provisus-solutions.com
smime.p7s
Description: S/MIME cryptographic signature