NVE: keytool-rapporter Algoritme ikke tilladt i FIPS140 tilstand: PBE/PKCS12/SHA1/RC2/CBC/40
Summary: Brug af java keytool-hjælpeprogrammet på en NetWorker Virtual Edition (NVE)-enhed rapporterer "Algoritmen er ikke tilladt i FIPS140 tilstand: PBE/PKCS12/SHA1/RC2/CBC/40"
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Java keytool-værktøjet bruges til at administrere certifikater, der bruges af forskellige NetWorker-tjenester.
Brug af keytool-kommandoen på en NetWorker Virtual Edition-enhed (NVE) rapporterer følgende fejl:
keytool error: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40
Eksempel:
nve:~/certs # keytool -importkeystore -destkeystore /nsr/authc/conf/authc.keystore -srckeystore /tmp/$hostname.tomcat.authc.p12 -srcstoretype PKCS12
Importing keystore /tmp/nve.saml.authc.p12 to /nsr/authc/conf/authc.keystore...
Enter destination keystore password:
Enter source keystore password:
keytool error: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40
Cause
Keytool-kommandoen hentes fra /usr/bin, som symbolsk er knyttet til oracle JRE fra et andet sted.
nve:~ # ls -lrt /usr/bin/keytool
lrwxrwxrwx 1 root root 25 May 31 2024 /usr/bin/keytool -> /etc/alternatives/keytool
nve:~ #
nve:~ # ls -lrt /etc/alternatives/keytool
lrwxrwxrwx 1 root root 49 Oct 25 11:13 /etc/alternatives/keytool -> /usr/lib/jvm/jre-1.8.0_421-oracle-x64/bin/keytool
Fejlen opstår ikke ved brug af java-nøgleværktøjet i NetWorker Runtime Environment (NRE):
nve:~ # ls -lrt /opt/nre/java/latest/bin/keytool -rwxr-xr-x 1 root root 8840 Oct 26 21:04 /opt/nre/java/latest/bin/keytool nve:~/certs # /opt/nre/java/latest/bin/keytool -importkeystore -destkeystore /nsr/authc/conf/authc.keystore -srckeystore /tmp/$hostname.tomcat.authc.p12 -srcstoretype PKCS12 Importing keystore /tmp/nve.tomcat.authc.p12 to /nsr/authc/conf/authc.keystore... Enter destination keystore password: Enter source keystore password: Existing entry alias emcauthctomcat exists, overwrite? [no]: y Entry for alias emcauthctomcat successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Resolution
Når du bruger keytool på NVE, skal du sørge for at angive den fulde sti til NetWorker Runtime Environment (NRE) keytool-værktøjet:
/opt/nre/java/latest/bin/keytool OPTIONS
Additional Information
NetWorker: Sådan importeres eller erstattes certifikatmyndighedssignerede certifikater for "Authc" og "NWUI" (Linux)
NetWorker: Sådan konfigureres "AD over SSL" (LDAPS) fra NetWorker Web User Interface (NWUI)
Affected Products
NetWorkerProducts
NetWorker FamilyArticle Properties
Article Number: 000270468
Article Type: Solution
Last Modified: 16 ديسمبر 2025
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.