NVE: keytool reports Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40

Summary: Het hulpprogramma Java KeyTool gebruiken op een NetWorker Virtual Edition (NVE)-toepassing meldt "Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40"

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Het hulpprogramma Java KeyTool wordt gebruikt voor het beheren van certificaten die door verschillende NetWorker-services worden gebruikt.
Het gebruik van de opdracht keytool op een NetWorker Virtual Edition (NVE)-apparaat rapporteert de volgende fout:

keytool error: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40

Voorbeeld:

nve:~/certs # keytool -importkeystore -destkeystore /nsr/authc/conf/authc.keystore -srckeystore /tmp/$hostname.tomcat.authc.p12 -srcstoretype PKCS12
Importing keystore /tmp/nve.saml.authc.p12 to /nsr/authc/conf/authc.keystore...
Enter destination keystore password:
Enter source keystore password:
keytool error: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40

Cause

Het keytool-commando wordt opgehaald uit /usr/bin, dat symbolisch is gekoppeld aan oracle JRE vanaf een andere locatie. 

nve:~ # ls -lrt /usr/bin/keytool
lrwxrwxrwx 1 root root 25 May 31  2024 /usr/bin/keytool -> /etc/alternatives/keytool
nve:~ #
nve:~ # ls -lrt /etc/alternatives/keytool
lrwxrwxrwx 1 root root 49 Oct 25 11:13 /etc/alternatives/keytool -> /usr/lib/jvm/jre-1.8.0_421-oracle-x64/bin/keytool


De fout wordt niet waargenomen bij het gebruik van de NetWorker Runtime Environment (NRE) Java Keytool Utility:

nve:~ # ls -lrt /opt/nre/java/latest/bin/keytool 
-rwxr-xr-x 1 root root 8840 Oct 26 21:04 /opt/nre/java/latest/bin/keytool

nve:~/certs # /opt/nre/java/latest/bin/keytool -importkeystore -destkeystore /nsr/authc/conf/authc.keystore -srckeystore /tmp/$hostname.tomcat.authc.p12 -srcstoretype PKCS12
Importing keystore /tmp/nve.tomcat.authc.p12 to /nsr/authc/conf/authc.keystore...
Enter destination keystore password:
Enter source keystore password:
Existing entry alias emcauthctomcat exists, overwrite? [no]:  y
Entry for alias emcauthctomcat successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

Resolution

Wanneer u keytool op NVE gebruikt, moet u het volledige pad naar het hulpprogramma NetWorker Runtime Environment (NRE) specificeren:

/opt/nre/java/latest/bin/keytool OPTIONS

Additional Information

NetWorker: Certificaten importeren of vervangen die door de certificeringsinstantie zijn ondertekend voor "Authc" en "NWUI" (Linux)
NetWorker: AD via SSL (LDAPS) configureren vanuit de NetWorker Web User Interface (NWUI)

Affected Products

NetWorker

Products

NetWorker Family
Article Properties
Article Number: 000270468
Article Type: Solution
Last Modified: 16 Dec 2025
Version:  3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.