TL;DR
Add the following lines to the java.security ([java_homedir]/jre/lib/security/java.security) file:
security.provider.1=com.ibm.securerandom.provider.IBMSecureRandomsecurity.provider.2=com.ibm.crypto.provider.IBMJCE
Explanation of the issue:
After enabling the FIPS compliance you might encounter the following errors in the log file once you try to restart the Application server:
Log details:
com.ibm.websphere.ssl.JSSEHelper.getSSLContext 704com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.createSSLServerSocket 459
com.ibm.ws.orbimpl.transport.WSTransport.createServerSocket 1439
com.ibm.ws.orbimpl.transport.WSTransport createServerSocket P=312105:O=0:CT ORBX0390E: Cannot create listener thread.
Exception=[ org.omg.CORBA.INTERNAL: CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET,
Exception=com.ibm.websphere.ssl.SSLException:
java.lang.RuntimeException: Provider IBMJCEFIPS not found for IBMSecureRandom
vmcid: 0x49421000 minor code: 77 completed: No - received while attempting to open server socket on port 1072 ].
com.ibm.ws.orbimpl.transport.WSTransport.startListening 805
com.ibm.ws.orbimpl.transport.WSTransport.createListener 724
The easiest way to fix it is by adding the missing IBM SecureRandom provider into the list before the IBM JCE provider inside the java.security ([java_homedir]/jre/lib/security/java.security):
security.provider.1=com.ibm.securerandom.provider.IBMSecureRandom
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.1=com.ibm.securerandom.provider.IBMSecureRandom
security.provider.2=com.ibm.crypto.provider.IBMJCE
I have picked cheery a lot of useful clothes outdated of this amazing blog. I’d love to return greater than and over again. Thanks!
ReplyDeleteapple ipad service center in chennai | apple iphone service center in chennai | iphone service center in chennai | | Apple laptop service center in chennai