NVE:keytool 報告在FIPS140模式中不允許使用演算法:PBE/PKCS12/SHA1/RC2/CBC/40

Summary: 在 NetWorker Virtual Edition (NVE) 裝置上使用 java keytool 公用程式會回報「在 FIPS140 模式中不允許使用演算法:PBE/PKCS12/SHA1/RC2/CBC/40”

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

爪哇 keytool 公用程式可用來管理多種 NetWorker 服務所使用的憑證。
使用 keytool NetWorker Virtual Edition (NVE) 裝置上的命令會回報下列錯誤:

keytool error: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40

範例:

nve:~/certs # keytool -importkeystore -destkeystore /nsr/authc/conf/authc.keystore -srckeystore /tmp/$hostname.tomcat.authc.p12 -srcstoretype PKCS12
Importing keystore /tmp/nve.saml.authc.p12 to /nsr/authc/conf/authc.keystore...
Enter destination keystore password:
Enter source keystore password:
keytool error: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40

Cause

可使用 keytool 正在從 /usr/bin 路徑,以符號方式連結到 Oracle Java 安裝。

nve:~ # ls -lrt /usr/bin/keytool
lrwxrwxrwx 1 root root 25 May 31  2024 /usr/bin/keytool -> /etc/alternatives/keytool
nve:~ #
nve:~ # ls -lrt /etc/alternatives/keytool
lrwxrwxrwx 1 root root 49 Oct 25 11:13 /etc/alternatives/keytool -> /usr/lib/jvm/jre-1.8.0_421-oracle-x64/bin/keytool


使用 NetWorker Runtime Environment (NRE) java 時未發現此錯誤 keytool 公用程式:

nve:~ # ls -lrt /opt/nre/java/latest/bin/keytool 
-rwxr-xr-x 1 root root 8840 Oct 26 21:04 /opt/nre/java/latest/bin/keytool

nve:~/certs # /opt/nre/java/latest/bin/keytool -importkeystore -destkeystore /nsr/authc/conf/authc.keystore -srckeystore /tmp/$hostname.tomcat.authc.p12 -srcstoretype PKCS12
Importing keystore /tmp/nve.tomcat.authc.p12 to /nsr/authc/conf/authc.keystore...
Enter destination keystore password:
Enter source keystore password:
Existing entry alias emcauthctomcat exists, overwrite? [no]:  y
Entry for alias emcauthctomcat successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

Resolution

使用時 keytool 在 NVE 上,請務必指定 NetWorker 執行階段環境 (NRE) 的完整路徑 keytool 公用程式:

/opt/nre/java/latest/bin/keytool OPTIONS

Additional Information

NetWorker:如何匯入或更換「authc」和「NWUI」(Linux)
的認證機構簽署憑證NetWorker:如何從 NetWorker Web 使用者介面 (NWUI) 設定「AD over SSL」(LDAPS)

Affected Products

NetWorker

Products

NetWorker Family
Article Properties
Article Number: 000270468
Article Type: Solution
Last Modified: 16 Dec 2025
Version:  3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.