Hello,

I have configured apache-tomcat-6.0.20 for PKCS11 to use the keystore present on the HSM (Hardware Security Module), which is an SCA6000 in my case.
My Connector looks like this:

    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" protocols="TLSv1"
               algorithm="SunX509" keystore="NONE" keystoreType="PKCS11"
               keystoreProvider="SunPKCS11-SCA6000"
               keystorePass="XXXXXXXXX" />

This works fine by taking a random certificate from the keystore. But if I specify keyAlias = "SpecificCerificate" in the Connector, I get the following exception:

    java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be used
        at com.sun.net.ssl.internal.ssl.SSLContextImpl.chooseKeyManager(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLContextImpl.engineInit(Unknown Source)
        at javax.net.ssl.SSLContext.init(Unknown Source)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:416)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:131)
        at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:503)
        at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
    ----------------------------------------------------------------------------------
    Aug 11, 2009 11:33:12 PM org.apache.coyote.http11.Http11Protocol init
    SEVERE: Error initializing endpoint
    java.io.IOException: FIPS mode: only SunJSSE KeyManagers may be used
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:462)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:131)
        at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:503)
        at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
    Aug 11, 2009 11:33:12 PM org.apache.catalina.startup.Catalina load
    SEVERE: Catalina.start
    LifecycleException: Protocol handler initialization failed: java.io.IOException: FIPS mode: only SunJSSE KeyManagers may be used
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1060)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)

We have made JSSE FIPS compliant. Any help would be appreciated.

With Best Regards,
Pramod TK