diff --git a/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java b/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
index e68e0df03f..c7bddc5b0f 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
@@ -120,4 +120,7 @@ public final class JSSEKeyManager extends X509ExtendedKeyManager {
 SSLEngine engine) {
 return delegate.chooseClientAlias(keyType, issuers, null);
 }
+ public X509KeyManager getDelegate() {
+ return delegate;
+ }
 }
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java b/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
index dcf1fbeac3..f3e12e88c0 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
@@ -51,7 +51,14 @@ class JSSESSLContext implements SSLContext {
 throws KeyManagementException {
 this.kms = kms;
 this.tms = tms;
- context.init(kms, tms, sr);
+ if (kms != null && context.getProvider().getInfo().indexOf("FIPS") != -1) {
+ KeyManager[] kmds = new KeyManager[kms.length];
+ for (int i = 0; i < kms.length; i++) {
+ kmds[i] = ((JSSEKeyManager) kms[i]).getDelegate();
+ }
+ context.init(kmds, tms, sr);
+ } else
+ context.init(kms, tms, sr);
 }
 @Override
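Review bot: `getDelegate()` in JSSEKeyManager.java is added as `public` and without Javadoc, although the only caller visible in this patch is `JSSESSLContext.init()`, which sits in the same package (`org.apache.tomcat.util.net.jsse`). The returned `X509KeyManager` exposes `getPrivateKey()`, so handing out the unwrapped manager more widely than needed is worth avoiding; package-private visibility is enough here: `X509KeyManager getDelegate() {`. A short Javadoc such as `/** Returns the wrapped key manager; used by JSSESSLContext when the provider is a FIPS one. */` would record why the accessor exists. The class body starts outside the hunk.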
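Review bot: The cast `(JSSEKeyManager) kms[i]` in the new FIPS branch of `JSSESSLContext.init()` is unchecked, so any `KeyManager` that is not a `JSSEKeyManager` turns TLS setup into a `ClassCastException` instead of the declared `KeyManagementException`; guard it with `kmds[i] = kms[i] instanceof JSSEKeyManager ? ((JSSEKeyManager) kms[i]).getDelegate() : kms[i];`. The branch is selected by searching the provider's free-form `getInfo()` text for "FIPS", which is vendor wording rather than a contract, so a provider can match or miss it by accident; comparing `getProvider().getName()` against known FIPS provider names would be more predictable. Unwrapping also means that whatever alias handling `JSSEKeyManager` adds around its delegate is presumably skipped in FIPS mode, and `this.kms` still stores the wrappers while the context uses the delegates; both deserve a comment in the branch. The dangling `else` should get braces to match the `if` block. The method signature lies outside the hunk.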