Re: Tomcat FIPS with FIPS capable OpenSSL

2015-12-06 Thread Nithesh Kb 
HI Chris,

i added this while installing tc native  --with-ssl=/usr/local/ssl/ and it
worked.
I have tried it on Linux, and windows i'll try the same shortly.


Thanks,
Nithesh

On Fri, Dec 4, 2015 at 11:38 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Nitish,
>
> On 12/3/15 2:36 PM, Nithesh Kb wrote:
> > Wow Amazing worked!!!
>
> Glad to hear it worked. What did you have to do?
>
> You never said, but do you happen to be on Windows?
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat FIPS with FIPS capable OpenSSL

2015-12-04 Thread Christopher Schultz 
Nitish,

On 12/3/15 2:36 PM, Nithesh Kb wrote:
> Wow Amazing worked!!!

Glad to hear it worked. What did you have to do?

You never said, but do you happen to be on Windows?

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat FIPS with FIPS capable OpenSSL

2015-12-03 Thread Nithesh Kb 
Wow Amazing worked!!!

04-Dec-2015 00:45:30.500 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR
based Apache Tomcat Native library 1.1.33 using APR version 1.5.2.
04-Dec-2015 00:45:30.500 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
capabilities: IPv6 [true], sendfile [true], accept filters [false], random
[true].
04-Dec-2015 00:45:30.561 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
FIPS mode...
04-Dec-2015 00:45:30.576 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL Successfully
entered FIPS mode
04-Dec-2015 00:45:30.577 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
successfully initialized (OpenSSL 1.0.1p 9 Jul 2015)
04-Dec-2015 00:45:30.935 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-apr-8080"]
04-Dec-2015 00:45:30.973 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["ajp-apr-8009"]
04-Dec-2015 00:45:30.976 INFO [main]
org.apache.catalina.startup.Catalina.load Initialization processed in 2308
ms



On Fri, Dec 4, 2015 at 12:47 AM, Nithesh Kb  wrote:

> *HI Tomcat Experts,*
> *I'm trying to enable fips mode in tomcat but i get these exception,*
>
> *04-Dec-2015 00:00:34.787 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
> FIPS mode...*
> *04-Dec-2015 00:00:34.791 SEVERE [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
> initialize the SSLEngine.*
> * java.lang.Exception: error:2D06C06E:FIPS
> routines:FIPS_mode_set:fingerprint does not match*
> * at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*
>
> *Steps that i have followed,*
> *1. Built FIPS Capable Openssl 
> [**https://www.openssl.org/docs/UserGuide-2.0.pdf
> **]*
> *2. Installed tomcat APR and APR util 
> [**http://stackoverflow.com/questions/34022646/how-to-make-tomcat-fips-mode-enabling
> *
> *]*
> *3. Installed TC-native *
>
> *Changes made in server.xml*
>
>   SSLEngine="on" FIPSMode="on" />
>
>
>port="8080"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> secure="false"
> SSLEnabled="false"
> scheme="http"
> URIEncoding="UTF-8"
> enableLookups="true"
> acceptCount="10"
> server="NA"/>
>
> *and the exception for this,*
> *   04-Dec-2015 00:00:34.725 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR
> based Apache Tomcat Native library 1.1.33 using APR version 1.5.2.*
> *04-Dec-2015 00:00:34.725 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false], random
> [true].*
> *04-Dec-2015 00:00:34.787 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
> FIPS mode...*
> *04-Dec-2015 00:00:34.791 SEVERE [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
> initialize the SSLEngine.*
> * java.lang.Exception: error:2D06C06E:FIPS
> routines:FIPS_mode_set:fingerprint does not match*
> * at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*
> * at
> org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:329)*
> * at
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:135)*
>
> *It works fine if i made FIPSMode="false"*
>
> *logs are attached *
>
> *please help me how to proceed on this.*
> *Thanks in advance.*
> Thanks,
> Nithesh
>
> On Fri, Dec 4, 2015 at 12:39 AM, Nithesh Kb  wrote:
>
>> HI Tomcat Experts,
>> I'm trying to enable fips mode in tomcat but i get these exception,
>>
>> *04-Dec-2015 00:00:34.787 INFO [main]
>> org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
>> FIPS mode...*
>> *04-Dec-2015 00:00:34.791 SEVERE [main]
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
>> initialize the SSLEngine.*
>> * java.lang.Exception: error:2D06C06E:FIPS
>> routines:FIPS_mode_set:fingerprint does not match*
>> * at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*
>>
>> *Steps that i have followed,*
>> *1. Built FIPS Capable Openssl*
>>
>>
>> Thanks,
>> Nithesh
>>
>
>

Tomcat FIPS with FIPS capable OpenSSL

2015-12-03 Thread Nithesh Kb 
HI Tomcat Experts,
I'm trying to enable fips mode in tomcat but i get these exception,

*04-Dec-2015 00:00:34.787 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
FIPS mode...*
*04-Dec-2015 00:00:34.791 SEVERE [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
initialize the SSLEngine.*
* java.lang.Exception: error:2D06C06E:FIPS
routines:FIPS_mode_set:fingerprint does not match*
* at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*

*Steps that i have followed,*
*1. Built FIPS Capable Openssl*


Thanks,
Nithesh

Re: Tomcat FIPS with FIPS capable OpenSSL

2015-12-03 Thread Nithesh Kb 
*HI Tomcat Experts,*
*I'm trying to enable fips mode in tomcat but i get these exception,*

*04-Dec-2015 00:00:34.787 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
FIPS mode...*
*04-Dec-2015 00:00:34.791 SEVERE [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
initialize the SSLEngine.*
* java.lang.Exception: error:2D06C06E:FIPS
routines:FIPS_mode_set:fingerprint does not match*
* at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*

*Steps that i have followed,*
*1. Built FIPS Capable Openssl
[**https://www.openssl.org/docs/UserGuide-2.0.pdf
**]*
*2. Installed tomcat APR and APR util
[**http://stackoverflow.com/questions/34022646/how-to-make-tomcat-fips-mode-enabling
*
*]*
*3. Installed TC-native *

*Changes made in server.xml*






*and the exception for this,*
*   04-Dec-2015 00:00:34.725 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR
based Apache Tomcat Native library 1.1.33 using APR version 1.5.2.*
*04-Dec-2015 00:00:34.725 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
capabilities: IPv6 [true], sendfile [true], accept filters [false], random
[true].*
*04-Dec-2015 00:00:34.787 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
FIPS mode...*
*04-Dec-2015 00:00:34.791 SEVERE [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
initialize the SSLEngine.*
* java.lang.Exception: error:2D06C06E:FIPS
routines:FIPS_mode_set:fingerprint does not match*
* at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*
* at
org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:329)*
* at
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:135)*

*It works fine if i made FIPSMode="false"*

*logs are attached *

*please help me how to proceed on this.*
*Thanks in advance.*
Thanks,
Nithesh

On Fri, Dec 4, 2015 at 12:39 AM, Nithesh Kb  wrote:

> HI Tomcat Experts,
> I'm trying to enable fips mode in tomcat but i get these exception,
>
> *04-Dec-2015 00:00:34.787 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
> FIPS mode...*
> *04-Dec-2015 00:00:34.791 SEVERE [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
> initialize the SSLEngine.*
> * java.lang.Exception: error:2D06C06E:FIPS
> routines:FIPS_mode_set:fingerprint does not match*
> * at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*
>
> *Steps that i have followed,*
> *1. Built FIPS Capable Openssl*
>
>
> Thanks,
> Nithesh
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org