Details
Documentation
Resolution: Duplicate
Major
None
None
None
Description
By default, in domain mode, the JBoss server instance code creates a custom TrustManager instance. This is not allowed while running the JVM in FIPS mode. As a result, to resolve this issue, the server instance needs to be configured to use the TrustManager instance provided by the JVM. This can be accomplished by using the following JBoss CLI command or by modifying the host.xml file directly:
CLI:
/host=master/server-config=server-one/ssl=loopback:add(ssl-protocol=TLS, trust-manager-algorithm=SunX509, truststore-type=JKS)
XML:
<servers>
    <server name="server-one" group="main-server-group">
        <ssl ssl-protocol="TLS" trust-manager-algorithm="SunX509" truststore-type="JKS"/>
    </server>
    ...
    ...
</servers>
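
One way to check a host.xml for server entries that still lack these settings before switching the JVM to FIPS mode. This is an added example, not part of the original ticket or of JBoss itself; the sample host.xml, its placeholder namespace version, and the function name audit_servers are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute values taken from the <ssl> element shown in the ticket.
EXPECTED = {
    "ssl-protocol": "TLS",
    "trust-manager-algorithm": "SunX509",
    "truststore-type": "JKS",
}

# Constructed sample host.xml (the namespace version "X.Y" is a placeholder).
SAMPLE_HOST_XML = """\
<host xmlns="urn:jboss:domain:X.Y" name="master">
  <servers>
    <server name="server-one" group="main-server-group">
      <ssl ssl-protocol="TLS" trust-manager-algorithm="SunX509" truststore-type="JKS"/>
    </server>
    <server name="server-two" group="main-server-group"/>
    <server name="server-three" group="other-server-group">
      <ssl ssl-protocol="TLS" truststore-type="JKS"/>
    </server>
  </servers>
</host>
"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_servers(host_xml):
    """Return {server name: [problems]} for servers lacking the <ssl> settings."""
    findings = {}
    root = ET.fromstring(host_xml)
    for servers in (e for e in root.iter() if local(e.tag) == "servers"):
        for server in (e for e in servers if local(e.tag) == "server"):
            name = server.get("name", "<unnamed>")
            ssl = next((c for c in server if local(c.tag) == "ssl"), None)
            if ssl is None:
                findings[name] = ["no <ssl> element"]
                continue
            problems = [f"{attr}={ssl.get(attr)!r}, expected {want!r}"
                        for attr, want in EXPECTED.items() if ssl.get(attr) != want]
            if problems:
                findings[name] = problems
    return findings

if __name__ == "__main__":
    for server, problems in audit_servers(SAMPLE_HOST_XML).items():
        print(f"{server}: {'; '.join(problems)}")
```

Servers reported by the check are the ones that still need the CLI command or the XML change above.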