- Bug
- Resolution: Unresolved
- Normal
- None
- rhel-10.0.beta
- None
- sst_security_crypto
- ssg_security
- False
When the system openssl.cnf file is used with slight modifications as the parameter to the -config option, the FIPS module initialisation fails:
cp /etc/pki/tls/openssl.cnf openssl.cnf
sed -i 's/.*unique_subject.*/unique_subject = yes/' openssl.cnf
sed -i 's/^dir.*/dir = \./' openssl.cnf
openssl req -config openssl.cnf -passout pass:securepass -new -x509 -days 3650 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -subj "/C=XX/ST=mystate/L=mytown/O=myorganisation/OU=myou/CN=myname/emailAddress=myemail/"

results in

Error configuring OpenSSL modules
80D204A2497F0000:error:0700006D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:276:module=providers, value=provider_sect retcode=-1