Geett,

On 1/29/15 12:45 AM, Geett Chanddra Singha wrote:
> I'm getting the following error when enabling FIPS mode on Apache
> Tomcat:
>
> Jan 28, 2015 5:02:33 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
>
> SEVERE: Failed to initialize the SSLEngine.
>
> java.lang.Exception: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match
>
> at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)

Looks like your fingerprint doesn't match.

> *Steps I followed to configure: *
>
> Added the following in server.xml
>
> <Server port="8006" shutdown="SHUTDOWN">
>
>
> <!-- Comment these entries out to disable JMX MBeans support used for the administration web application -->
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" FIPSMode="on"/>
> --------------------------------------------------------------------------------------------------
>
> 1.) Installing tomcat apr:
>
> Download from http://apache.mirror.anlx.net/apr/apr-1.5.1.tar.gz

What UNIX are you running? Are you sure you have to build this all
yourself?

> tar zxvf apr-1.5.1.tar.gz
>
> rm apr-1.5.1.tar.gz
>
> cd apr-1.5.1 *
>
> sudo ./configure
>
> sudo make
>
> sudo make install

Why did you build this as root?

> export LD_LIBRARY_PATH='$LD_LIBRARY_PATH:/usr/local/apr/lib'
>
> 2.) Installing tomcat tomcat-native:
>
> Download
>
> http://apache.bytenet.in/tomcat/tomcat-connectors/native/1.1.32/source/tomcat-native-1.1.32-src.tar.gz
>
> tar zxvf tomcat-native-1.1.32-src.tar.gz
>
> rm tomcat-native-1.1.32-src.tar.gz
>
> cd tomcat-native-1.1.32-src/jni/native
>
> JAVA_HOME=/usr/lib/jvm/<JAVA_HOME>
>
> sudo ./configure --with-apr=/usr/local/apr --with-java-home=$JAVA_HOME
>
> sudo make
>
> sudo make install
>
>
>
> 3.) Adding the following line
>
> CATALINA_OPTS="$CATALINA_OPTS -Djava.library.path=/usr/local/apr/lib"
>
> 4.) Restarting Tomcat
>
> Pl
>
> Please help me resolve this issue and please let me know if I
> missed any step.

I didn't see the part where you built OpenSSL with FIPS. Did you do that?

-chris