Use FIPS compliant keystore for signatures #82

Open
nynymike opened this issue Jun 30, 2021 · 0 comments
nynymike commented Jun 30, 2021

This article provides an overview of the issue: https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.4/secmg/fips.html#GUID-A9A51C8D-EB78-4BCC-B865-576580FCB8F1

The default JKS keystore with CA certificates, cacerts, included with the JDK is not FIPS compliant. FIPS 140-2 requires a PKCS12 PBES2 keystore; JKS keystores and PKCS12 keystores created with keytool using the Sun JSSE provider (the default) are not supported. If you are using the default JDK cacerts keystore, you need to complete the following steps to ensure FIPS compliance:

  • Convert the JDK cacerts keystore from JKS to PKCS12 format
  • Convert the PKCS12 keystore using the RSA JCE provider to be FIPS compliant
  • Set Java system properties to update the default trust store used by Java
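
A check for the requirement quoted above (PKCS12 with PBES2, not JKS), as an added example that is not from the issue, the Oracle article or the project: it reads a keystore file's header and the algorithm OIDs that PKCS#12 stores in cleartext. The name `classify_keystore` and the result keys are hypothetical, and the byte scan is a heuristic that cannot tell which provider wrote the file.

```python
import sys

# Header magic of the Sun keystore formats
MAGIC = {bytes.fromhex("feedfeed"): "JKS", bytes.fromhex("cececece"): "JCEKS"}
# DER encodings of OIDs that a PKCS#12 file carries in cleartext:
OID_P7_DATA = bytes.fromhex("06092a864886f70d010701")  # 1.2.840.113549.1.7.1, id-data
OID_PBES2 = bytes.fromhex("06092a864886f70d01050d")    # 1.2.840.113549.1.5.13, id-PBES2
OID_P12_PBE_PREFIX = bytes.fromhex("060a2a864886f70d010c01")  # 1.2.840.113549.1.12.1.x
LEGACY_PBE = {  # last arc of the legacy PKCS#12 PBE OIDs (RFC 7292, Appendix C)
    1: "pbeWithSHAAnd128BitRC4", 2: "pbeWithSHAAnd40BitRC4",
    3: "pbeWithSHAAnd3-KeyTripleDES-CBC", 4: "pbeWithSHAAnd2-KeyTripleDES-CBC",
    5: "pbeWithSHAAnd128BitRC2-CBC", 6: "pbeWithSHAAnd40BitRC2-CBC",
}

def classify_keystore(data: bytes) -> dict:
    """Heuristic scan: nothing is decrypted and no password is needed."""
    result = {"format": "unknown", "legacy_pbe": [], "pbes2": False, "pkcs12_pbes2": False}
    if data[:4] in MAGIC:
        result["format"] = MAGIC[data[:4]]
        return result
    # A PFX is a DER SEQUENCE (0x30); in password-integrity mode it contains id-data.
    if data[:1] != b"\x30" or OID_P7_DATA not in data:
        return result
    result["format"] = "PKCS12"
    found = set()
    pos = data.find(OID_P12_PBE_PREFIX)
    while pos != -1:
        tail = data[pos + len(OID_P12_PBE_PREFIX):][:1]
        if tail:
            found.add(LEGACY_PBE.get(tail[0], "unknown-pkcs12-pbe-%d" % tail[0]))
        pos = data.find(OID_P12_PBE_PREFIX, pos + 1)
    result["legacy_pbe"] = sorted(found)
    result["pbes2"] = OID_PBES2 in data
    # Every encrypted bag must use PBES2; an unencrypted store does not qualify either.
    result["pkcs12_pbes2"] = result["pbes2"] and not found
    return result

if __name__ == "__main__":
    # Two constructed fragments (not real keystores), plus any files named on argv.
    samples = {"constructed-jks": bytes.fromhex("feedfeed") + bytes(8),
               "constructed-p12": b"\x30\x80" + OID_P7_DATA + OID_PBES2}
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            samples[path] = fh.read()
    for name, blob in samples.items():
        print(name, classify_keystore(blob))
```

A `pkcs12_pbes2` value of `False` on the file that `javax.net.ssl.trustStore` points to means the conversion steps listed above have not been completed for that store.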