"SHA1PRNG SecureRandom not available" when attempting to start the SPE RestAPI service
Article ID: 399986
Updated On:
Products
Protection Engine for Cloud Services
Protection Engine for NAS
Issue/Introduction
The Symantec Protection Engine (SPE) RestAPI service is not available and the entry following is found in the SPE_REST_API.log:
[main] ERROR org.springframework.boot.SpringApplication:818 - Application run failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jasyptStringEncryptor' defined in spe.authentication.config.SPEJasyptEncryptorConfig: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.jasypt.encryption.StringEncryptor]: Factory method 'getPasswordEncryptor' threw exception; nested exception is org.jasypt.exceptions.EncryptionInitializationException: org.jasypt.exceptions.EncryptionInitializationException: java.security.NoSuchAlgorithmException: SHA1PRNG SecureRandom not availableEnvironment
SPE 9.0 or newer installed on RHEL 8.6 or newer with FIPS enabled.
Cause
The installed version of Java is attempting to use SHA1PRNG which is not supported by FIPS
Resolution
Install a version of JDK that supports FIPS.
- Stop the SPE services
sudo /etc/init.d/symcscan stop;sudo /etc/init.d/symcrestapiservice stop
- Uninstall the current version of Java
sudo yum remove <CURRENT_JAVA_VERSION>
- Install OpenJDK (Note: This in this example Amazon OpenJDK is used, however any supported 64bit version of Java 17 or newer can be used)
sudo rpm --import https://yum.corretto.aws/corretto.key;sudo curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo;sudo yum install java-17-amazon-corretto-devel -y
- Restart the SPE services
sudo /etc/init.d/symcrestapiservice start;sudo /etc/init.d/symcscan start
Additional Information
CRE-21508
Feedback
Yes
No
Powered by
