
JBoss WildFly FIPS 140-2 compliance on CentOS

wildfly,fips,nss

Used the info from this blog and the Red Hat site for setting up the PKCS11-NSS provider, and then added the steps below to get it working:

Add a new socket-binding under socket-binding-group.
  <socket-binding name="https-myapp" port="7443"/>

Add an https-listener under subsystem/undertow.
  <https-listener name="https-myapp-listener" socket-binding="https-myapp" security-realm="MyAppRealm" enabled-protocols="TLSv1" enabled-cipher-suites="TLS_RSA_WITH_AES_128_CBC_SHA" />

Add a security realm under management/security-realms.
  <security-realm...

How to add a trusted Certificate Authority to Firefox with JSS

java,firefox,ssl,certificate,nss

Here is how to do it with JSS 4.3.1! You will find your Windows Firefox profile directory at %APPDATA%/Mozilla/Firefox/Profiles. Be sure to put all needed native libs in a unique directory and reference this directory in the java.library.path, for example: -Djava.library.path="C:\dev\firefox\jss-native" Here is the sample code: File firefoxProfilesDir = new...

certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format

certificate,smime,nss,certificatestore,certutil

I needed to restore the whole .mozilla directory in order to run the certutil successfully. The file cert8.db needs to be in the original directory.

TLS handshake fails between a Java 1.8 client and a Java 1.7 TLS 1.1 server running in FIPS mode, even after disabling TLS 1.2 in the client side

security,ssl,java-8,fips,nss

Since the server does not support TLS 1.2, I disabled TLS 1.2 on the client side. I could not figure out why the handshake fails "even after" disabling TLS 1.2 on the client side. Can you please help me with this? And: ... 2014/11/28 15:03:43 | INFO | jvm...