Good afternoon,
I have a Java application that is failing to deploy on a FIPS-enabled Kubernetes node. I get the following error on startup:
org.springframework.beans.factory.BeanCreationException: Error occured reading security configuration; nested exception is java.io.IOException: java.security.KeyStoreException: JCEKS not found
java.security.NoSuchAlgorithmException: JCEKS KeyStore not available
From reading https://bugzilla.redhat.com/show_bug.cgi?id=1759335, it appears that this "issue" was introduced in OpenJDK 1.8.0 but is not considered a bug according to Red Hat. The expectation is to use the NSS keystore database instead of a file keystore.
This is a Java container app that runs with its own cacerts file. I tried to recreate the cacerts as a JCEKS keystore but receive an error of JCEKS not found.
Thoughts on how I can make a containerized Java application run on a FIPS-enabled node while running OpenJDK 1.8.0?
I have tried to set:
JDK_JAVA_OPTIONS='-Dcom.redhat.fips=false'
-Dcom.redhat.fips=false
without luck and still receive the same error.
Needed to post those -Dcom options into JAVA_TOOLS_OPTIONS to get this to work.