Posted to users@tomcat.apache.org by Nithesh Kb <ni...@gmail.com> on 2015/12/03 20:09:41 UTC
Tomcat FIPS with FIPS capable OpenSSL
Hi Tomcat Experts,
I'm trying to enable FIPS mode in Tomcat but I get this exception:
04-Dec-2015 00:00:34.787 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing FIPS mode...
04-Dec-2015 00:00:34.791 SEVERE [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine.
 java.lang.Exception: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match
  at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)
Steps that I have followed:
1. Built FIPS-capable OpenSSL
Thanks,
Nithesh
Re: Tomcat FIPS with FIPS capable OpenSSL
Posted by Nithesh Kb <ni...@gmail.com>.
Hi Chris,
I added this while installing tc-native: --with-ssl=/usr/local/ssl/ and it worked.
I have tried it on Linux; I'll try the same on Windows shortly.
Thanks,
Nithesh
On Fri, Dec 4, 2015 at 11:38 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:
> Nitish,
>
> On 12/3/15 2:36 PM, Nithesh Kb wrote:
> > Wow Amazing worked!!!
>
> Glad to hear it worked. What did you have to do?
>
> You never said, but do you happen to be on Windows?
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
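The fix reported above was rebuilding tc-native with --with-ssl=/usr/local/ssl/. The following is an added example, not part of any message in this thread: it classifies which OpenSSL a libtcnative build resolves at load time (from `ldd` output) and which FIPS result a catalina log reports. The function names, the library paths other than /usr/local/ssl, and the sample ldd output are constructed assumptions.

```shell
#!/bin/sh
# Added example; sample inputs below are constructed, not taken from the thread.

# openssl_origin PREFIX   (reads `ldd <libtcnative>` output on stdin)
# Prints one of:
#   prefix          every libssl/libcrypto dependency resolves under PREFIX
#   other:<path>    first dependency that resolves somewhere else
#   missing:<name>  the loader cannot find the library at all
#   none            no libssl/libcrypto listed (e.g. OpenSSL linked statically)
openssl_origin() {
    prefix=${1%/}
    awk -v p="$prefix/" '
        $1 ~ /^lib(ssl|crypto)\.so/ {
            seen = 1
            if ($0 ~ /not found/)  { print "missing:" $1; bad = 1; exit }
            if (index($3, p) != 1) { print "other:" $3;   bad = 1; exit }
        }
        END { if (!bad) print (seen ? "prefix" : "none") }'
}

# fips_status   (reads a catalina log on stdin)
# Prints the last FIPS initialization result seen: entered,
# fingerprint-mismatch, or unknown when neither message is present.
fips_status() {
    awk '/Successfully entered FIPS mode/ { r = "entered" }
         /fingerprint does not match/     { r = "fingerprint-mismatch" }
         END { print (r == "" ? "unknown" : r) }'
}

# Constructed ldd output: tc-native resolving an OpenSSL outside the prefix.
SAMPLE_SYSTEM='  libapr-1.so.0 => /usr/local/apr/lib/libapr-1.so.0 (0x00007f0000200000)
  libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f0000400000)
  libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f0000600000)'

# Constructed ldd output: tc-native resolving OpenSSL under /usr/local/ssl.
SAMPLE_FIPS='  libapr-1.so.0 => /usr/local/apr/lib/libapr-1.so.0 (0x00007f0000200000)
  libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00007f0000400000)
  libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f0000600000)'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_SYSTEM" | openssl_origin /usr/local/ssl/
printf '%s\n' "$SAMPLE_FIPS"   | openssl_origin /usr/local/ssl/
```

On a real host, pipe `ldd` of the installed libtcnative shared object into `openssl_origin /usr/local/ssl`; a result of `none` means ldd cannot answer the question because OpenSSL was linked statically.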
Re: Tomcat FIPS with FIPS capable OpenSSL
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Nitish,
On 12/3/15 2:36 PM, Nithesh Kb wrote:
> Wow Amazing worked!!!
Glad to hear it worked. What did you have to do?
You never said, but do you happen to be on Windows?
-chris
Re: Tomcat FIPS with FIPS capable OpenSSL
Posted by Nithesh Kb <ni...@gmail.com>.
Wow Amazing worked!!!
04-Dec-2015 00:45:30.500 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library 1.1.33 using APR version 1.5.2.
04-Dec-2015 00:45:30.500 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
04-Dec-2015 00:45:30.561 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing FIPS mode...
04-Dec-2015 00:45:30.576 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL Successfully entered FIPS mode
04-Dec-2015 00:45:30.577 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized (OpenSSL 1.0.1p 9 Jul 2015)
04-Dec-2015 00:45:30.935 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-apr-8080"]
04-Dec-2015 00:45:30.973 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-apr-8009"]
04-Dec-2015 00:45:30.976 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 2308 ms
Re: Tomcat FIPS with FIPS capable OpenSSL
Posted by Nithesh Kb <ni...@gmail.com>.
Hi Tomcat Experts,
I'm trying to enable FIPS mode in Tomcat but I get this exception:
04-Dec-2015 00:00:34.787 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing FIPS mode...
04-Dec-2015 00:00:34.791 SEVERE [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine.
 java.lang.Exception: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match
  at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)
Steps that I have followed:
1. Built FIPS-capable OpenSSL [https://www.openssl.org/docs/UserGuide-2.0.pdf]
2. Installed Tomcat APR and APR-util [http://stackoverflow.com/questions/34022646/how-to-make-tomcat-fips-mode-enabling]
3. Installed tc-native
Changes made in server.xml:
<Listener className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="on" FIPSMode="on" />
<Connector
    port="8080"
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    secure="false"
    SSLEnabled="false"
    scheme="http"
    URIEncoding="UTF-8"
    enableLookups="true"
    acceptCount="10"
    server="NA"/>
And the exception for this:
04-Dec-2015 00:00:34.725 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library 1.1.33 using APR version 1.5.2.
04-Dec-2015 00:00:34.725 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
04-Dec-2015 00:00:34.787 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing FIPS mode...
04-Dec-2015 00:00:34.791 SEVERE [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine.
 java.lang.Exception: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match
  at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)
  at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:329)
  at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:135)
It works fine if I set FIPSMode="false".
Logs are attached.
Please help me with how to proceed on this.
Thanks in advance.
Thanks,
Nithesh