tomcat-users mailing list archives

From "Tk, Pramod (NSN - IN/Bangalore)" <pramod...@nsn.com>
Subject Problem in configuring tomcat for PKCS 11 for HSM
Date Wed, 12 Aug 2009 06:06:28 GMT
Hello,

I have configured apache-tomcat-6.0.20 for PKCS11 to use the keystore
present on the HSM (Hardware Security Module), which is an SCA6000 in my case.

My Connector looks like this:

    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" protocols="TLSv1"
               algorithm="SunX509"
               keystore="NONE" keystoreType="PKCS11"
               keystoreProvider="SunPKCS11-SCA6000" keystorePass="XXXXXXXXX"
    />

This works fine, taking a random certificate from the keystore.

But if I specify keyAlias = "SpecificCerificate" in the Connector, I get
the following exception:

java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be used
	at com.sun.net.ssl.internal.ssl.SSLContextImpl.chooseKeyManager(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLContextImpl.engineInit(Unknown Source)
	at javax.net.ssl.SSLContext.init(Unknown Source)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:416)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:131)
	at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:503)
	at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
	at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
	at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
	at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
----------------------------------------------------------------------------------
Aug 11, 2009 11:33:12 PM org.apache.coyote.http11.Http11Protocol init
SEVERE: Error initializing endpoint
java.io.IOException: FIPS mode: only SunJSSE KeyManagers may be used
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:462)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:131)
	at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:503)
	at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
	at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
	at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
	at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
Aug 11, 2009 11:33:12 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException:  Protocol handler initialization failed: java.io.IOException: FIPS mode: only SunJSSE KeyManagers may be used
	at org.apache.catalina.connector.Connector.initialize(Connector.java:1060)
	at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
	at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:535)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:555)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)


We have made JSSE FIPS compliant.
Any help would be appreciated.


With Best Regards,
Pramod TK
