Operating Tomcat with FIPSMode
Tomcat STIGs require that Tomcat is run in FIPS mode. When the server.xml file is configured to add FIPSMode="on", an error is thrown and the container exits:
"The FIPS provider must be configured as the default provider when the AprLifecycleListener is configured with FIPS mode [on]"
To recreate this issue, simply edit the file /usr/local/tomcat/conf/server.xml to say:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" FIPSMode="on" />
I believe that it requires the base RHEL container to be started in FIPS mode.
I would fork this branch and test it if I could.
Adding RUN update-crypto-policies --set FIPS in the Dockerfile should do the trick.
The image logs me in as USER 1001 so I can't test it out myself, and I don't have permissions to fork this repo for testing.
I love this image and would like to keep using it if possible. Can this be added without interfering with anyone else's work?
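
A pre-start check for the combination described in this report, as an added example that is not part of the original report or the image's own code: it reads the APR listener's FIPSMode from server.xml and compares it with the kernel FIPS flag. It assumes the flag is exposed at /proc/sys/crypto/fips_enabled and uses it as a proxy for the "started in FIPS mode" condition the report suspects; the function names, result strings and sample server.xml are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"

# Constructed sample: the Listener line from the report inside a minimal server.xml.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on" FIPSMode="on" />
</Server>"""


def apr_fips_mode(server_xml_text):
    """Return the FIPSMode value of the APR listener, or None if there is no such listener."""
    root = ET.fromstring(server_xml_text)
    for listener in root.iter("Listener"):
        if listener.get("className") == APR_LISTENER:
            # Tomcat treats a missing FIPSMode attribute as "off".
            return listener.get("FIPSMode", "off").lower()
    return None


def kernel_fips_enabled(flag_path="/proc/sys/crypto/fips_enabled"):
    """True when the kernel FIPS flag reads 1; a missing or unreadable file counts as disabled."""
    try:
        return Path(flag_path).read_text().strip() == "1"
    except OSError:
        return False


def preflight(server_xml_text, fips_enabled):
    """Hypothetical helper: classify the configuration before Tomcat is started."""
    mode = apr_fips_mode(server_xml_text)
    if mode is None:
        return "NO_APR_LISTENER"
    if mode == "off":
        # The listener does not ask for FIPS, which the STIG requirement would flag.
        return "FIPS_NOT_REQUESTED"
    if not fips_enabled:
        # The situation the report suspects: FIPS requested, system not in FIPS mode.
        return "FIPS_REQUESTED_BUT_SYSTEM_NOT_IN_FIPS_MODE"
    return "OK"


if __name__ == "__main__":
    print(preflight(SAMPLE_SERVER_XML, kernel_fips_enabled()))
```

Run inside the container against the real file by passing the contents of /usr/local/tomcat/conf/server.xml instead of the sample.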