Hi,
Did you find the solution? Are you able to use PKCS11 configuration in
Tomcat and/or JBoss servers?
I have a similar issue now. Let me know if you were able to fix it.

Thank you very much in advance.

Sai


Tk, Pramod (NSN - IN/Bangalore) wrote:
> 
> Hello,
> 
> I have configured apache-tomcat-6.0.20 for PKCS11 to use the keystore
> present on the HSM (Hardware Security Module), which is an SCA6000 in my case.
> 
> My Connector looks like this:
> 
>     <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>                maxThreads="150" scheme="https" secure="true"
>                clientAuth="false" sslProtocol="TLS" protocols="TLSv1"
>                algorithm="SunX509"
>                keystore="NONE" keystoreType="PKCS11"
>                keystoreProvider="SunPKCS11-SCA6000" keystorePass="XXXXXXXXX"
>     />
> 
> This works fine by taking a random certificate from the keystore.
> 
> But,
> 
> If I specify the keyAlias = "SpecificCerificate" in the Connector, I am
> getting the following exception:
> 
> java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be used
>       at com.sun.net.ssl.internal.ssl.SSLContextImpl.chooseKeyManager(Unknown Source)
>       at com.sun.net.ssl.internal.ssl.SSLContextImpl.engineInit(Unknown Source)
>       at javax.net.ssl.SSLContext.init(Unknown Source)
>       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:416)
>       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:131)
>       at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:503)
>       at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
>       at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
>       at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
>       at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
>       at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
>       at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>       at java.lang.reflect.Method.invoke(Unknown Source)
>       at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
>       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
> ----------------------------------------------------------------------------------
> Aug 11, 2009 11:33:12 PM org.apache.coyote.http11.Http11Protocol init
> SEVERE: Error initializing endpoint
> java.io.IOException: FIPS mode: only SunJSSE KeyManagers may be used
>       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:462)
>       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:131)
>       at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:503)
>       at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
>       at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
>       at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
>       at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
>       at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
>       at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>       at java.lang.reflect.Method.invoke(Unknown Source)
>       at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
>       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
> Aug 11, 2009 11:33:12 PM org.apache.catalina.startup.Catalina load
> SEVERE: Catalina.start
> LifecycleException:  Protocol handler initialization failed: java.io.IOException: FIPS mode: only SunJSSE KeyManagers may be used
>       at org.apache.catalina.connector.Connector.initialize(Connector.java:1060)
>       at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
>       at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
>       at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
>       at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>       at java.lang.reflect.Method.invoke(Unknown Source)
>       at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
>       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
> 
> 
> We have made JSSE FIPS compliant.
> Any help would be appreciated.
> 
> 
> With Best Regards,
> Pramod TK
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Problem-in-configuring-tomcat-for-PKCS-11-for-HSM-tp24930607p28468128.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

