*Hi all,*
I'm getting the following error when enabling FIPS mode on Apache Tomcat:
Jan 28, 2015 5:02:33 PM org.apache.catalina.core.AprLifecycleListener
lifecycleEvent
SEVERE: Failed to initialize the SSLEngine.
java.lang.Exception: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint
does not match
at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)
at
org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:329)
at
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:137)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at
org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Jan 28, 2015 5:02:33 PM org.apache.catalina.core.AprLifecycleListener
lifecycleEvent
SEVERE: Failed to enter FIPS mode
java.lang.Error: Failed to enter FIPS mode
at
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:146)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at
org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
*Steps I followed to configure: *
Added the following in server.xml
<Server port="8006" shutdown="SHUTDOWN">
<!-- Comment these entries out to disable JMX MBeans support used for the
administration web application -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" FIPSMode="on"/>
--------------------------------------------------------------------------------------------------
1.) Installing tomcat apr:
Download from http://apache.mirror.anlx.net/apr/apr-1.5.1.tar.gz
tar zxvf apr-1.5.1.tar.gz
rm apr-1.5.1.tar.gz
cd apr-1.5.1 *
sudo ./configure
sudo make
sudo make install
export LD_LIBRARY_PATH='$LD_LIBRARY_PATH:/usr/local/apr/lib'
2.) Installing tomcat tomcat-native:
Download
http://apache.bytenet.in/tomcat/tomcat-connectors/native/1.1.32/source/tomcat-native-1.1.32-src.tar.gz
tar zxvf tomcat-native-1.1.32-src.tar.gz
rm tomcat-native-1.1.32-src.tar.gz
cd tomcat-native-1.1.32-src/jni/native
JAVA_HOME=/usr/lib/jvm/<JAVA_HOME>
sudo ./configure --with-apr=/usr/local/apr --with-java-home=$JAVA_HOME
sudo make
sudo make install
3.) Adding the following line
CATALINA_OPTS="$CATALINA_OPTS
-Djava.library.path=/usr/local/apr/lib"
4.) Restarting Tomcat
Pl
PlPlease help me resolve this issue and please let me know if i missed any
step.
Regards,
Geet Chandra Singha
