Howto: IBMJCEFIPS and Tomcat?
July 7, 2011 11:11 AM   Subscribe

How to setup Tomcat with the IBMJCEFIPS provider?

I have spent the last several days googling every every keyword and error message to no avail. I have an instance of tomcat6 installed on a SLES10/S390x machine, and with default security policies and providers, things are OK.

When I try to get tomcat into FIPS mode, by revising the list of providers, I just get a bunch of Unknown Source errors:

at Source)
at Source)
at Source)
at Source)

I tried editing the CLASSPATH set in, no effect.

Any suggestions?
posted by nomisxid to Computers & Internet (5 answers total)
Are you trying to setup a server application or a client application?
posted by Paquda at 11:18 AM on July 7, 2011

While I will eventually be setting up a server application, right now I'm just trying to get the server to come up in FIPS mode without any apps installed.
posted by nomisxid at 11:21 AM on July 7, 2011

Have you provisioned a server identity certificate? If not, I think you'll need to. The steps involved are generating a keypair (you can use Java's keytool utility: 'keytool -genkeypair [options]'and building a keystore (again you can use the keytool utility).

Also, in case you haven't, I think you need to set JAVA_OPTS to enable your desired providers and then run And then you need to edit $TOMCAT_6/conf/server.xml to enable ssl/https.
posted by Paquda at 11:26 AM on July 7, 2011

The jks has been generated using FIPS valid values, server.xml is configured for SSL, and SSL works if I don't have the JCE provider specified.

Not clear what you mean on the JAVA_OPTS, are you talking about something in addition to setting the providers list in
posted by nomisxid at 11:34 AM on July 7, 2011

I mean, SSL works if I don't have the JCEFIPS provider specified.
posted by nomisxid at 11:37 AM on July 7, 2011

« Older Where to spend a couple hours waiting north of...   |   Chicago filter: Daycare help! Newer »
This thread is closed to new comments.