How to make Weblogic 11gR2 (10.3.3) FIPS-140 compliant
Question
our Ear application is hosted on a Weblogic 10.3.3 server.
This app is interacting with a BO 4.1 and we have this error now trying to connect to it :
com.tranme.guide.commonservices.report.InteractionBOException: com.crystaldecisions.sdk.exception.SDKException$ConfidentialChannelFailed: Impossible d'굡blir un canal confidentiel. (FWM 02119)
cause:com.businessobjects.bcm.exception.FIPSError: Cryptographic library is not FIPS-140-compliant.
detail:Impossible d'굡blir un canal confidentiel. (FWM 02119) Cryptographic library is not FIPS-140-compliant.
at com.tranme.guide.commonservices.report.CrystalReportHelper.getReportInfoObjectsByReportName(CrystalReportHelper.java:515)
at com.tranme.guide.notificationmgt.manager.reports.util.ReportManagementTools.getReportInstanceStatuses(ReportManagementTools.java:81)
at com.tranme.guide.notificationmgt.manager.reports.util.ReportManagementTools.getGenerationStatusResults(ReportManagementTools.java:51)
at com.tranme.guide.notificationmgt.manager.BaseNotificationManager.updateReportGenerationStatus(BaseNotificationManager.java:217)
at com.tranme.guide.notificationmgt.business.ejb.impl.NotificationManagementFacadeBeanImpl.updateReportGenerationStatus(NotificationManagementFacadeBeanImpl.java:123)
at com.tranme.guide.notificationmgt.business.ejb.impl.NotificationManagementFacadeBeanImpl_z3lp9c_EOImpl.updateReportGenerationStatus(NotificationManagementFacadeBeanImpl_z3lp9c_EOImpl.java:140)
at com.tranme.guide.notificationmgt.business.ejb.impl.NotificationManagementFacadeBeanImpl_z3lp9c_EOImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: com.crystaldecisions.sdk.exception.SDKException$ConfidentialChannelFailed: Impossible d'굡blir un canal confidentiel. (FWM 02119)
cause:com.businessobjects.bcm.exception.FIPSError: Cryptographic library is not FIPS-140-compliant.
detail:Impossible d'굡blir un canal confidentiel. (FWM 02119) Cryptographic library is not FIPS-140-compliant.
at com.crystaldecisions.sdk.occa.security.internal.ConfidentialChannelService.establishConfidentialChannel(ConfidentialChannelService.java:199)
at com.crystaldecisions.sdk.occa.security.internal.ConfidentialChannelService.createConfidentialChannel(ConfidentialChannelService.java:145)
at com.crystaldecisions.sdk.occa.security.internal.CCMap.locateCCItem(CCMap.java:63)
at com.crystaldecisions.sdk.occa.security.internal.LogonService.doUserLogon(LogonService.java:845)
at com.crystaldecisions.sdk.occa.security.internal.LogonService.doUserLogon(LogonService.java:805)
at com.crystaldecisions.sdk.occa.security.internal.LogonService.userLogon(LogonService.java:210)
at com.crystaldecisions.sdk.occa.security.internal.SecurityMgr.userLogon(SecurityMgr.java:166)
at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon_aroundBody0(SessionMgr.java:454)
at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon_aroundBody1$advice(SessionMgr.java:512)
at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon(SessionMgr.java:1)
at com.tranme.guide.commonservices.report.CrystalReportHelper.getSession(CrystalReportHelper.java:156)
at com.tranme.guide.commonservices.report.CrystalReportHelper.getReportInfoObjectsByReportName(CrystalReportHelper.java:502)
... 15 more
Caused by: com.businessobjects.bcm.exception.FIPSError: Cryptographic library is not FIPS-140-compliant.
at com.businessobjects.bcm.internal.BcmRsaLib.CheckStartupErrors(BcmRsaLib.java:28)
at com.businessobjects.bcm.internal.DHKeyAgreeImpl.<init>(DHKeyAgreeImpl.java:22)
at com.businessobjects.bcm.BCM.createKeyAgreement(BCM.java:1080)
at com.crystaldecisions.sdk.occa.security.internal.ConfidentialChannelService.establishConfidentialChannel(ConfidentialChannelService.java:175)
... 26 more
The BO SDK lib are in weblogic classpath (this is how the dev before me decided to implement them).
I've already tried solution proposed by SAP's forum without any luck.
1 answers
solution1
1 ACCPTED 2016-10-04 03:43:51
WLS 11G needs these things to be configured for FIPS-compliant SSL connections :
- cryptojFIPS.jar is added to the
PRE_CLASSPATHvariable (this does something similar to what the SAP forum suggested ) - The command line argument
-Dweblogic.security.SSL.nojce=trueis specified. - The JVM has unlimited-strength JCE (more details here for WLS12C but the steps are similar). This might already be set up.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How to make existing Java code FIPS 140-2 compliant?
INST-6193 during Weblogic Admin Server config (11gR2)
Which JCE providers are FIPS 140-2 compliant?
Is Java AES encryption FIPS 140-2 compliant?
Configure Bouncy Castle padding mechanism for public key in FIPS-140 mode
FIPS 140-2 compliant random number generator - Java
insert float from java application into Oracle Database 11gr2
Tomcat, Logon denied for Oracle Database 11gR2
How to build fips compliant sqlcipher to call FIPS_mode_set(1)
OIM 11gR2 PS3 Save Justification of Request on Create User
Related Tags