After Configuring FIPS Mode in WebLogic Server - SSLContext Initialization Errors Occur - Need to Convert Trust Keystore for FIPS Compliance
(Doc ID 2493872.1)
Last updated on SEPTEMBER 28, 2020
Applies to: Oracle WebLogic Server - Version 188.8.131.52.0 to 184.108.40.206.0 [Release 12c]
Information in this document applies to any platform.
When you enable FIPS mode for WebLogic Server, Java SSL Context initialization exceptions may occur. If you have configured the Oracle Identity Cloud Integrator provider, users from Oracle Identity Cloud Service may fail to authenticate.
When you enable JDK debug (-Djavax.net.debug=ssl), error messages for the exception are similar to the following:
Key Store type: jks
Initializing key managers
Exception while initializing default context JKS keystores cannot be loaded in FIPS-140 mode.
Only PKCS12 PBES2 key stores are supported
If you are using a PKCS12 keystore that is not FIPS compliant (for example, one created with the keytool command using the Sun JSSE provider), you may also receive an error similar to the following when using the keytool command:
FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40
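The following is an added example, not part of the Oracle document or any Oracle tool: a heuristic triage script that classifies a keystore file by its leading bytes and, for PKCS12, scans the unencrypted algorithm identifiers for PBES2 versus the older PKCS#12 PBE schemes such as the RC2 40-bit one named in the error above. The function name and result fields are assumptions made for this illustration; the script reads no passwords and decrypts nothing.

```python
import sys

# Leading magic bytes of the proprietary Java keystore formats.
JKS_MAGIC, JCEKS_MAGIC = bytes.fromhex("feedfeed"), bytes.fromhex("cececece")
# DER OBJECT IDENTIFIER encodings (tag 0x06, length, value bytes).
PBES2_OID = bytes.fromhex("06092a864886f70d01050d")          # 1.2.840.113549.1.5.13
PKCS12_PBE_PREFIX = bytes.fromhex("060a2a864886f70d010c01")  # 1.2.840.113549.1.12.1.x
LEGACY_PBE = {
    1: "pbeWithSHAAnd128BitRC4", 2: "pbeWithSHAAnd40BitRC4",
    3: "pbeWithSHAAnd3-KeyTripleDES-CBC", 4: "pbeWithSHAAnd2-KeyTripleDES-CBC",
    5: "pbeWithSHAAnd128BitRC2-CBC", 6: "pbeWithSHAAnd40BitRC2-CBC",
}

def _result(fmt, legacy=(), pbes2=False):
    # fips_candidate: PKCS12 that advertises PBES2 and no legacy PBE scheme.
    # It is a triage hint only; the FIPS provider makes the real decision.
    return {"format": fmt, "legacy_pbe": list(legacy), "pbes2": pbes2,
            "fips_candidate": fmt == "PKCS12" and pbes2 and not legacy}

def classify_keystore(data: bytes) -> dict:
    """Classify raw keystore bytes without a password (byte-pattern heuristic)."""
    if data[:4] == JKS_MAGIC:
        return _result("JKS")
    if data[:4] == JCEKS_MAGIC:
        return _result("JCEKS")
    if data[:1] != b"\x30":  # a PKCS12 PFX starts with an ASN.1 SEQUENCE tag
        return _result("unknown")
    # Algorithm identifiers sit outside the encrypted payload, so a plain
    # byte search finds them in DER-encoded files.
    legacy = [name for n, name in LEGACY_PBE.items()
              if PKCS12_PBE_PREFIX + bytes([n]) in data]
    return _result("PKCS12", legacy, PBES2_OID in data)

if __name__ == "__main__":
    # Usage: python this_script.py <keystore file> [<keystore file> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify_keystore(fh.read()))
```

A PKCS12 file that reports neither PBES2 nor a legacy scheme (for example, one storing unencrypted certificates) is not marked as a candidate and needs manual review.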