How do you get Solr 8.11 to run on a FIPS enabled environment [closed]
I'm trying to get Solr 8.11.1 working on Red Hat Enterprise Linux release 8.5 (Ootpa). The environment has FIPS enabled and I can't get Solr to start. I've followed Solr's install guide (https://solr.apache.org/guide/8_11/taking-solr-to-production.html) and then I tried following Solr's guide (https://solr.apache.org/guide/8_11/enabling-ssl.html) to enable SSL, but I'm unable to run the keytool command they provide:
```
keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.p12 -storetype PKCS12 -ext SAN=DNS:localhost,IP:XXX.XXX.X.X,IP:127.0.0.1 -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country"
```
When I try to run that command, I get the following error:
```
keytool error: java.security.KeyStoreException: Key protection algorithm not found: java.lang.NullPointerException
```
I was able to successfully get the same version of Solr working using the same steps from https://solr.apache.org/guide/8_11/taking-solr-to-production.html on two other RHEL 8 machines, but they did not have FIPS on them. So I'm fairly certain that FIPS is the issue here, but I don't have much experience working with it, so I don't know how to properly start Solr within a FIPS environment. I've tried searching online, but have not come across anything on how to get Solr to run on a FIPS enabled machine. Any help would be much appreciated!
Solution 1:[1]
After much research, I was able to get it to run in a STIG'd RHEL with this in /etc/default/solr.in.sh.
```
SOLR_OPTS="$SOLR_OPTS -Dcom.redhat.fips=false"
```
I'm not sure what this affects but since the underlying FS is FIPS and I have a PKCS12 SSL cert it all works fine, including SSL connections.
There are open issues with Solr about FIPS mode not working, but no resolution has been posted anywhere.
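A compliance check for the workaround in the answer above, as an added example that is not part of the original answer or of Solr: `com.redhat.fips` is the Red Hat OpenJDK system property that controls the JDK's automatic alignment with the host's FIPS mode, so setting it to `false` leaves the kernel in FIPS mode while Solr's JVM falls back to its default security-provider configuration. The function names are hypothetical; the paths default to `/proc/sys/crypto/fips_enabled` and the `/etc/default/solr.in.sh` named in the answer.

```shell
#!/bin/sh
# Added example: flag hosts where the kernel is in FIPS mode but the Solr
# include file opts the JVM out of Red Hat OpenJDK's FIPS alignment.
# Function names are hypothetical; paths are parameters so the check can be
# run against copies of the files.

# Prints 1 if the kernel reports FIPS mode, else 0.
kernel_fips_enabled() {
    flag_file="${1:-/proc/sys/crypto/fips_enabled}"
    if [ -r "$flag_file" ] && [ "$(cat "$flag_file")" = "1" ]; then
        echo 1
    else
        echo 0
    fi
}

# Prints how many active (non-comment) lines set -Dcom.redhat.fips=false.
jvm_fips_optout_count() {
    include_file="${1:-/etc/default/solr.in.sh}"
    [ -r "$include_file" ] || { echo 0; return 0; }
    grep -v '^[[:space:]]*#' "$include_file" \
        | grep -c -F -e '-Dcom.redhat.fips=false' || true
}

# Returns 1 (finding) when a FIPS host runs Solr with the opt-out, else 0.
audit_solr_fips() {
    fips=$(kernel_fips_enabled "$1")
    optout=$(jvm_fips_optout_count "$2")
    if [ "$fips" = "1" ] && [ "$optout" -gt 0 ]; then
        echo "FINDING: kernel FIPS mode is on, but $2 sets -Dcom.redhat.fips=false"
        return 1
    fi
    echo "OK: fips_enabled=$fips optout_lines=$optout"
    return 0
}

# Usage: ./audit.sh /proc/sys/crypto/fips_enabled /etc/default/solr.in.sh
if [ "$#" -eq 2 ]; then
    audit_solr_fips "$1" "$2"
fi
```

A finding here means the Solr process should be recorded as an exception to the host's FIPS posture rather than assumed to inherit it.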
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Steven Linn |
