https://bz.apache.org/bugzilla/show_bug.cgi?id=64614
--- Comment #1 from jfclere <jfcl...@gmail.com> ---
To configure I did the following:

modutil -create -dbdir /home/jfclere/db
touch /home/jfclere/db/secmod.db (for what?).
modutil -fips true -dbdir /home/jfclere/db
modutil -list -dbdir /home/jfclere/db (looks OK)
modutil -changepw "NSS FIPS 140-2 Certificate DB" -dbdir /home/jfclere/db (-list to get the tokens)
modutil -changepw "NSS Certificate DB" -dbdir /home/jfclere/db (when no fips!).
certutil -S -k rsa -n jbossweb -t "u,u,u" -x -s "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY" -d /home/jfclere/db

Add the providers in jre/lib/security/java.security
security.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSSfips
security.provider.10=sun.security.pkcs11.SunPKCS11 /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.252.b09-1.fc32.x86_64/jre/lib/security/nss.cfg

I have in jre/lib/security/nss.cfg:
+++
name = NSSfips
nssLibraryDirectory = /usr/lib64
nssSecmodDirectory = /home/jfclere/db
nssDbMode = readWrite
nssModule = fips
attributes = compatibility
handleStartupErrors = ignoreMultipleInitialisation
+++

I have in server.xml
+++
<Connector port="8443" protocol="HTTP/1.1"
           maxThreads="150" SSLEnabled="true" >
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <Certificate certificateKeystorePassword="Adelina2020!"
                     certificateKeystoreType="PKCS11"
                     certificateKeystoreProvider="SunPKCS11-NSSfips" />
    </SSLHostConfig>
</Connector>
+++