NVE: keytool informa que el algoritmo no está permitido en el modo FIPS140: PBE/PKCS12/SHA1/RC2/CBC/40

Summary: El uso de la utilidad java keytool en un dispositivo NetWorker Virtual Edition (NVE) informa "Algoritmo no permitido en el modo FIPS140: PBE/PKCS12/SHA1/RC2/CBC/40"

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

La utilidad Keytool de Java se utiliza para administrar los certificados utilizados por varios servicios de NetWorker.
El uso del comando keytool en un dispositivo NetWorker Virtual Edition (NVE) informa el siguiente error:

keytool error: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40

Ejemplo:

nve:~/certs # keytool -importkeystore -destkeystore /nsr/authc/conf/authc.keystore -srckeystore /tmp/$hostname.tomcat.authc.p12 -srcstoretype PKCS12
Importing keystore /tmp/nve.saml.authc.p12 to /nsr/authc/conf/authc.keystore...
Enter destination keystore password:
Enter source keystore password:
keytool error: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40

Cause

El comando keytool se extrae de /usr/bin, que está vinculado simbólicamente a Oracle JRE desde otra ubicación. 

nve:~ # ls -lrt /usr/bin/keytool
lrwxrwxrwx 1 root root 25 May 31  2024 /usr/bin/keytool -> /etc/alternatives/keytool
nve:~ #
nve:~ # ls -lrt /etc/alternatives/keytool
lrwxrwxrwx 1 root root 49 Oct 25 11:13 /etc/alternatives/keytool -> /usr/lib/jvm/jre-1.8.0_421-oracle-x64/bin/keytool


El error no se observa cuando se utiliza la utilidad Java Keytool del entorno de tiempo de ejecución de NetWorker (NRE):

nve:~ # ls -lrt /opt/nre/java/latest/bin/keytool 
-rwxr-xr-x 1 root root 8840 Oct 26 21:04 /opt/nre/java/latest/bin/keytool

nve:~/certs # /opt/nre/java/latest/bin/keytool -importkeystore -destkeystore /nsr/authc/conf/authc.keystore -srckeystore /tmp/$hostname.tomcat.authc.p12 -srcstoretype PKCS12
Importing keystore /tmp/nve.tomcat.authc.p12 to /nsr/authc/conf/authc.keystore...
Enter destination keystore password:
Enter source keystore password:
Existing entry alias emcauthctomcat exists, overwrite? [no]:  y
Entry for alias emcauthctomcat successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

Resolution

Cuando utilice keytool en NVE, asegúrese de especificar la ruta completa a la utilidad keytool del entorno de tiempo de ejecución de NetWorker (NRE):

/opt/nre/java/latest/bin/keytool OPTIONS

Additional Information

NetWorker: Cómo importar o reemplazar certificados firmados por una autoridad de certificación para "Authc" y "NWUI" (Linux)
NetWorker: Cómo configurar "AD mediante SSL" (LDAPS) desde la interfaz de usuario web de NetWorker (NWUI)

Affected Products

NetWorker

Products

NetWorker Family
Article Properties
Article Number: 000270468
Article Type: Solution
Last Modified: 16 ديسمبر 2025
Version:  3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.