Disabling FIPS on Tomcat APPSERVER

Last Updated: Apr 17, 2023

Before you begin

Ensure you stop the APPSERVER.

About this task

Disable FIPS on the external Tomcat APPSERVER. For a local Tomcat APPSERVER, use the script $POM_HOME/bin/POM_FIPS_remove.sh to disable FIPS on both POM and the APPSERVER.

Procedure

  1. Convert the existing BCFKS format KeyStore to JKS format KeyStore by using the following procedure:
    1. Create a backup of the existing KeyStore.
    2. Use the following command to convert the keystore:
      keytool -importkeystore -srckeystore <existing keystore> -destkeystore <target keystore> -srcstoretype BCFKS -deststoretype JKS -srcstorepass <existing keystore password> -deststorepass <target keystore password> -providerpath <FIPS provider jar path> -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
    3. Rename the converted keystore to the existing keystore name.
      Note:

      The supported FIPS provider jar can be found on the POM Server at the following location:

      $POM_HOME/lib/common/bc-fips-1.0.1.jar

  2. Configure $APPSERVER_HOME/conf/server.xml to use JKS as the KeyStore type: change the value of the keystoreType attribute in the Connector element to JKS.
  3. When FIPS is disabled on the Operating System, and the Java Virtual Machine (JVM) is not running in FIPS mode, start the APPSERVER.
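
A check to run before starting the APPSERVER, given here as an added example and not part of the product documentation: it reads server.xml and reports every keystore-backed Connector whose keystoreType is not JKS or whose keystore file does not begin with the JKS magic number. It assumes a relative keystoreFile value resolves against $APPSERVER_HOME; the function names and the sample files are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

JKS_MAGIC = bytes.fromhex("feedfeed")  # first four bytes of every JKS file

def is_jks_file(path):
    """True if the file starts with the JKS magic number."""
    with open(path, "rb") as fh:
        return fh.read(4) == JKS_MAGIC

def audit_connectors(server_xml, appserver_home):
    """Return (port, problem) tuples for keystore-backed Connectors not on JKS."""
    problems = []
    for conn in ET.parse(server_xml).getroot().iter("Connector"):
        ks_file = conn.get("keystoreFile")
        if ks_file is None:
            continue  # connector has no keystore configured
        port = conn.get("port", "?")
        # Tomcat treats a missing keystoreType as JKS
        ks_type = conn.get("keystoreType", "JKS")
        if ks_type.upper() != "JKS":
            problems.append((port, f"keystoreType is {ks_type}, expected JKS"))
        path = Path(ks_file)
        if not path.is_absolute():
            path = Path(appserver_home) / path  # assumption: relative to APPSERVER_HOME
        if not path.is_file():
            problems.append((port, f"keystore not found: {ks_file}"))
        elif not is_jks_file(path):
            problems.append((port, f"{ks_file} is not in JKS format"))
    return problems

# Constructed sample: port 8443 was converted, port 9443 was missed.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" keystoreFile="conf/ok.keystore"
             keystoreType="JKS"/>
  <Connector port="9443" SSLEnabled="true" keystoreFile="conf/old.keystore"
             keystoreType="BCFKS"/>
</Service></Server>"""

def demo():
    """Build the constructed sample in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as home:
        conf = Path(home, "conf")
        conf.mkdir()
        (conf / "server.xml").write_text(SAMPLE_SERVER_XML)
        (conf / "ok.keystore").write_bytes(JKS_MAGIC + b"\x00\x00\x00\x02")
        (conf / "old.keystore").write_bytes(b"\x30\x82\x01\x00")  # placeholder non-JKS bytes
        return audit_connectors(conf / "server.xml", home)
```

An empty result from `audit_connectors` means every keystore-backed Connector points at a JKS file and declares (or defaults to) the JKS type.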