Summary
Temp CA is not supported in FIPS mode, so this is not a loss of functionality, although the error looks ugly.
Products
ArcSight Enterprise Security Manager (ESM)
Environment
ESM 7.x
Situation
When the ArcSight tempca command is run in FIPS mode, the following messages are shown:
$ ./arcsight tempca -i
Assuming ARCSIGHT_HOME: /opt/arcsight/manager
Assuming JAVA_HOME: /opt/arcsight/manager/jre
ArcSight TempCA starting...
java.io.IOException: DER length more than 4 bytes: 109
at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readLength(Unknown Source)
at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
at org.bouncycastle.jcajce.provider.ProvBCFKS$BCFIPSKeyStoreSpi.engineLoad(Unknown Source)
at java.security.KeyStore.load(KeyStore.java:1445)
at com.arcsight.crypto.SSLKeystore.ensureLoaded(SSLKeystore.java:127)
at com.arcsight.crypto.SSLCAKeystore.getCertificate(SSLCAKeystore.java:72)
at com.arcsight.crypto.SSLTruststore.describeConfig(SSLTruststore.java:254)
at com.arcsight.crypto.TemporaryRootCertificateAuthority.printSSLSetupInformation(TemporaryRootCertificateAuthority.java:326)
at com.arcsight.crypto.TemporaryRootCertificateAuthority.main(TemporaryRootCertificateAuthority.java:579)
Cause
The command was trying to access the keystore for the demo certificate (keystore.tempca). The demo certificate is never used in FIPS mode, so that keystore is never configured for FIPS. Changes were made to exclude that keystore from the lookup in FIPS mode.
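The following added example (not ArcSight or Bouncy Castle code) shows why a keystore that was never converted for FIPS fails in exactly this way when read as BCFKS: a DER reader treats the second byte of the file as a length byte. That keystore.tempca is a JKS file is an inference from the number 109 in the message, not something this article states; the sample bytes and function names are constructed for illustration.

```python
import sys

JKS_MAGIC = bytes.fromhex("feedfeed")    # legacy Java keystore (JKS)
JCEKS_MAGIC = bytes.fromhex("cececece")  # JCEKS keystore

def der_length(head):
    """Read a one-byte tag plus DER length; return (content_length, header_size).
    Simplified model of an ASN.1 reader, not Bouncy Castle's code."""
    if len(head) < 2:
        raise ValueError("truncated DER header")
    first = head[1]
    if first < 0x80:                       # short form: the byte is the length
        return first, 2
    count = first & 0x7F                   # long form: number of length bytes
    if count == 0:
        raise ValueError("indefinite length is not valid DER")
    if count > 4:
        raise ValueError(f"DER length more than 4 bytes: {count}")
    if len(head) < 2 + count:
        raise ValueError("truncated DER header")
    return int.from_bytes(head[2:2 + count], "big"), 2 + count

def classify_keystore(head):
    """Guess the on-disk keystore format from its first bytes."""
    if head.startswith(JKS_MAGIC):
        return "JKS"
    if head.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if head[:1] == b"\x30":                # DER SEQUENCE
        der_length(head)                   # raises if the header is malformed
        return "DER (BCFKS or PKCS#12)"
    return "unknown"

def load_error_as_bcfks(head):
    """Return the error a DER parse of this header produces, or None."""
    try:
        der_length(head)
        return None
    except ValueError as exc:
        return str(exc)

# Constructed samples: a JKS header (magic, version 2, one entry) and a DER header.
SAMPLE_JKS = bytes.fromhex("feedfeed0000000200000001")
SAMPLE_DER = bytes.fromhex("30820a1b")

if __name__ == "__main__":
    head = open(sys.argv[1], "rb").read(16) if len(sys.argv) > 1 else SAMPLE_JKS
    print(classify_keystore(head), "->", load_error_as_bcfks(head))
```

Run with a keystore path as the only argument to check a real file; with no argument it uses the constructed JKS header.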
Resolution
Temp CA is not supported in FIPS mode, so this is not a loss of functionality, although the error looks ugly.
URL Name
KM000011961