NVE:keytool 报告FIPS140模式下不允许的算法:PBE/PKCS12/SHA1/RC2/CBC/40
Summary: 在 NetWorker Virtual Edition (NVE) 设备上使用 java keytool 实用程序时报告 “Algorithm not allowable in FIPS140 mode:PBE/PKCS12/SHA1/RC2/CBC/40”
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Java keytool 实用程序用于管理各种 NetWorker 服务使用的证书。
在 NetWorker Virtual Edition (NVE) 设备上使用 keytool 命令报告以下错误:
keytool error: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40
示例:
nve:~/certs # keytool -importkeystore -destkeystore /nsr/authc/conf/authc.keystore -srckeystore /tmp/$hostname.tomcat.authc.p12 -srcstoretype PKCS12
Importing keystore /tmp/nve.saml.authc.p12 to /nsr/authc/conf/authc.keystore...
Enter destination keystore password:
Enter source keystore password:
keytool error: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40
Cause
keytool 命令从 /usr/bin 中提取,后者以符号方式从另一个位置链接到 oracle JRE。
nve:~ # ls -lrt /usr/bin/keytool
lrwxrwxrwx 1 root root 25 May 31 2024 /usr/bin/keytool -> /etc/alternatives/keytool
nve:~ #
nve:~ # ls -lrt /etc/alternatives/keytool
lrwxrwxrwx 1 root root 49 Oct 25 11:13 /etc/alternatives/keytool -> /usr/lib/jvm/jre-1.8.0_421-oracle-x64/bin/keytool
使用 NetWorker Runtime Environment (NRE) java keytool 实用程序时未观察到此错误:
nve:~ # ls -lrt /opt/nre/java/latest/bin/keytool -rwxr-xr-x 1 root root 8840 Oct 26 21:04 /opt/nre/java/latest/bin/keytool nve:~/certs # /opt/nre/java/latest/bin/keytool -importkeystore -destkeystore /nsr/authc/conf/authc.keystore -srckeystore /tmp/$hostname.tomcat.authc.p12 -srcstoretype PKCS12 Importing keystore /tmp/nve.tomcat.authc.p12 to /nsr/authc/conf/authc.keystore... Enter destination keystore password: Enter source keystore password: Existing entry alias emcauthctomcat exists, overwrite? [no]: y Entry for alias emcauthctomcat successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Resolution
在 NVE 上使用 keytool 时,请确保指定 NetWorker Runtime Environment (NRE) keytool 实用程序的完整路径:
/opt/nre/java/latest/bin/keytool OPTIONS
Additional Information
NetWorker:如何导入或替换“authc”和“NWUI”的证书颁发机构签名证书 (Linux)
NetWorker:如何从 NetWorker Web 用户界面 (NWUI) 配置“基于 SSL 的 AD”(LDAPS)
Affected Products
NetWorkerProducts
NetWorker FamilyArticle Properties
Article Number: 000270468
Article Type: Solution
Last Modified: 16 ديسمبر 2025
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.