
"disabled for fips" error getting thrown when trying to execute a js file with the "--force-fips" flag


I see the following error get thrown when trying to run node with the --force-fips flag:

Error: disabled for fips
    at Object.createSecureContext (_tls_common.js:158:19)
    at Server (_tls_wrap.js:803:25)
    at new Server (https.js:54:14)
    at Object.createServer (https.js:76:10)
    at Object.module.exports.startServer 

Following the stack trace, I was able to figure out that the error gets thrown when the "loadPKCS12" method gets executed. (I am passing a keystore to the "pfx" parameter along with the keystore password corresponding to the "passphrase" parameter as part of the options object when bringing up the "https" server instance).

The method definition is in C++ and I am finding it hard to debug the issue. What could the issue be? Could it be an issue with the keystore that I am passing?

I am making use of Node v8.9.4 and I am trying this out on a CentOS machine (centos-release-7-4.1708.el7.centos.x86_64 to be specific).


Solution

  • It seemed to be an issue with the certificate that I was making use of. The certificate was encrypted using an algorithm which was not FIPS compliant (40-bit RC2). Generating the certificate (using openssl) by passing in the -descert argument fixed the issue for me (passing in the -descert argument while generating the certificate encrypts the certificate using Triple DES, which is FIPS compliant).

    Reference: https://community.rsa.com/docs/DOC-51951
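
To confirm which bag of a keystore triggers the error, the following added example (not part of the original answer) classifies the encryption algorithms listed in the report printed by `openssl pkcs12 -info -noout`. The function name, the file names in the comments and the two embedded reports are constructed for illustration.

```shell
#!/bin/sh
# check_p12_pbe: read an `openssl pkcs12 -info -noout` report on stdin and
# list the algorithm protecting each bag. Returns 1 if any bag uses RC2 or
# RC4, neither of which is a FIPS-approved cipher (the failing case in the
# answer above is 40-bit RC2 on the certificate bag).
check_p12_pbe() {
    weak=0
    while IFS= read -r line; do
        case "$line" in
            "PKCS7 Encrypted data: "*) bag="certificates" ;;
            "Shrouded Keybag: "*)      bag="private key" ;;
            *) continue ;;
        esac
        alg=${line#*: }   # drop the bag label
        alg=${alg%%,*}    # keep only the algorithm name
        case "$alg" in
            *RC2*|*RC4*) echo "WEAK        $bag: $alg"; weak=1 ;;
            *)           echo "not flagged $bag: $alg" ;;
        esac
    done
    return "$weak"
}

# Constructed report: keystore exported without -descert.
sample_default() {
    cat <<'EOF'
MAC Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
EOF
}

# Constructed report: same keystore exported with -descert.
sample_descert() {
    cat <<'EOF'
MAC Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
EOF
}

# Real keystore (placeholder file names; the report is written to stderr):
#   openssl pkcs12 -info -noout -in keystore.p12 2>&1 | check_p12_pbe
# Re-export with Triple DES on the certificate bag:
#   openssl pkcs12 -export -descert -in cert.pem -inkey key.pem -out keystore.p12
if sample_default | check_p12_pbe; then :; else echo "default export: re-export with -descert"; fi
```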