Hello Dev,
In the last 3 weeks, I have successfully set up NiFi on Non-FIPS RHEL 9 with
keystore/truststore using both PKCS12 and BCFKS, LDAPS to an Active
Directory Server, and using S2S with another instance as well.
Now I'm loading a third (standalone) node to get NiFi running in RHEL 9 FIPS
mode (installed in FIPS, not converted). I grabbed the M4 NiFi package
(can't wait to see dark mode). Originally I thought BCFKS would work using
the bcprov-jdk18on-1.78.1.jar like it did for me in M3 in Non-FIPS mode.
But upon NiFi start I received the error in nifi-app.log:
"Caused by: java.security.KeyStoreException: BCFKS not found
    at java.base/java.security.KeyStore.getInstance(KeyStore.java:873)
    at org.apache.nifi.security.ssl.StandardKeyStoreBuilder.getKeyStore(StandardKeyStoreBuilder.java:108)
    ... 9 common frames omitted
Caused by: java.security.NoSuchAlgorithmException: BCFKS KeyStore not available"
My thought is that bcprov-jdk18on-1.78.1.jar isn't the Bouncy Castle Java
FIPS jar, and so maybe RHEL 9 FIPS mode will not allow it to load? And if it
did, I'm not sure if it would be FIPS compliant.
I have downloaded the Bouncy Castle Java FIPS bc-fips-1.0.2.4.jar,
bcpkix-fips-1.0.7.jar, and bctls-fips-1.0.19.jar. I was thinking somehow
these might be able to be used, but I'm not sure how I would get NiFi to use
them.
Although I'm a seasoned systems integrator, I'm fairly green on RHEL, very
green on Java, and have only used NiFi for a few weeks. I was hoping to get
your expertise on next steps. Many thanks for any assistance you might be
able to provide!
Respectfully,
Will Mallett | ProVisus Solutions, LLC
office: 757-410-8820

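Added example, not part of the original message and not NiFi code: a small Java diagnostic that lists the JCA providers registered in a JVM and reports whether any of them supplies the `BCFKS` KeyStore type named in the exception above. The class name `KeyStoreTypeCheck` is hypothetical, and the check assumes it is run with the same Java installation that starts NiFi.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

// Added diagnostic (hypothetical class name), not NiFi code.
// It sees only providers registered through this JVM's security configuration;
// providers an application registers at run time do not appear here.
public class KeyStoreTypeCheck {

    // Returns "provider: type" for every KeyStore service registered in this JVM.
    static List<String> keyStoreServices() {
        List<String> found = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("KeyStore".equals(s.getType())) {
                    found.add(p.getName() + ": " + s.getAlgorithm());
                }
            }
        }
        return found;
    }

    // Name of the provider that supplies the type, or null if none is registered.
    // A null result corresponds to the "BCFKS KeyStore not available" failure.
    static String providerFor(String type) {
        try {
            return KeyStore.getInstance(type).getProvider().getName();
        } catch (KeyStoreException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println("Registered providers, in preference order:");
        for (Provider p : Security.getProviders()) {
            System.out.println("  " + p.getName() + " " + p.getVersionStr());
        }
        System.out.println("KeyStore services:");
        keyStoreServices().forEach(s -> System.out.println("  " + s));
        // Types to probe; defaults are the two formats mentioned in the message.
        String[] types = args.length > 0 ? args : new String[] {"BCFKS", "PKCS12"};
        for (String t : types) {
            String name = providerFor(t);
            System.out.println(t + " -> " + (name == null ? "not available" : name));
        }
    }
}
```

It can be run as a single source file with `java KeyStoreTypeCheck.java`; comparing the output on the FIPS and non-FIPS hosts shows whether the provider list itself differs between them.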