Hello,
I have configured apache-tomcat-6.0.20 for PKCS11 to use the keystore
present on the HSM (Hardware Security Module), which is an SCA6000 in my case.
My Connector looks like this:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
protocols="TLSv1"
algorithm="SunX509"
keystore="NONE" keystoreType="PKCS11"
keystoreProvider="SunPKCS11-SCA6000" keystorePass="XXXXXXXXX"
/>
This works fine by taking a random certificate from the keystore.
But if I specify keyAlias = "SpecificCerificate" in the Connector, I am
getting the following exception:
java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be used
    at com.sun.net.ssl.internal.ssl.SSLContextImpl.chooseKeyManager(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLContextImpl.engineInit(Unknown Source)
    at javax.net.ssl.SSLContext.init(Unknown Source)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:416)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:131)
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:503)
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
----------------------------------------------------------------------------------
Aug 11, 2009 11:33:12 PM org.apache.coyote.http11.Http11Protocol init
SEVERE: Error initializing endpoint
java.io.IOException: FIPS mode: only SunJSSE KeyManagers may be used
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:462)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:131)
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:503)
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
Aug 11, 2009 11:33:12 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException: Protocol handler initialization failed: java.io.IOException: FIPS mode: only SunJSSE KeyManagers may be used
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1060)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
We have made JSSE FIPS compliant.
Any help would be appreciated.
With Best Regards,
Pramod TK