Bug
Resolution: Not a Bug
Blocker
rhel-10.0.beta
Regression
rhel-sst-idm-cs
ssg_idm
What were you trying to do that didn't work?
CA installation on a FIPS-enabled VM is failing when exporting the admin certificate at the pk12util command. Possibly a regression due to the fix for https://issues.redhat.com/browse/RHEL-45539.
Please provide the package NVR for which bug is seen:
python3-idm-pki-11.5.3-1.el10.noarch
idm-pki-base-11.5.3-1.el10.noarch
idm-jss-5.5.0-2.el10.x86_64
idm-ldapjdk-5.5.0-2.el10.noarch
idm-jss-tomcat-5.5.0-2.el10.x86_64
idm-pki-java-11.5.3-1.el10.noarch
idm-pki-tools-11.5.3-1.el10.x86_64
idm-pki-server-11.5.3-1.el10.noarch
idm-pki-ca-11.5.3-1.el10.noarch
idm-pki-kra-11.5.3-1.el10.noarch
How reproducible:
CI pipeline
Steps to reproduce
- Enable FIPS on a RHEL10 VM
- Install CA
Expected results
CA installation on a FIPS-enabled VM should be successful
Actual results
CA installation on a FIPS-enabled VM is failing with the error below:
INFO: Initializing NSS
INFO: Logging into internal token
INFO: Using internal token
INFO: NSSDatabase: Importing cert PKI CA Administrator for Example.Org into NSS FIPS 140-2 User Private Key
INFO: Exporting admin cert into /opt/topology-02-CA/ca_admin_cert.p12
INFO: Creating /opt/topology-02-CA
INFO: Exporting PKI CA Administrator for Example.Org cert and key into /opt/topology-02-CA/ca_admin_cert.p12
DEBUG: Command: pk12util -d /opt/topology-02-CA/ca/alias -o /opt/topology-02-CA/ca_admin_cert.p12 -n PKI CA Administrator for Example.Org -w /opt/topology-02-CA/ca/pkcs12_password.conf -k /opt/topology-02-CA/ca/password.conf -c AES-128-CBC -C NONE
ERROR: subprocess.CalledProcessError: Command '['pk12util', '-d', '/opt/topology-02-CA/ca/alias', '-o', '/opt/topology-02-CA/ca_admin_cert.p12', '-n', 'PKI CA Administrator for Example.Org', '-w', '/opt/topology-02-CA/ca/pkcs12_password.conf', '-k', '/opt/topology-02-CA/ca/password.conf', '-c', 'AES-128-CBC', '-C', 'NONE']' returned non-zero exit status 28.!
ERROR: CalledProcessError: Command '['pk12util', '-d', '/opt/topology-02-CA/ca/alias', '-o', '/opt/topology-02-CA/ca_admin_cert.p12', '-n', 'PKI CA Administrator for Example.Org', '-w', '/opt/topology-02-CA/ca/pkcs12_password.conf', '-k', '/opt/topology-02-CA/ca/password.conf', '-c', 'AES-128-CBC', '-C', 'NONE']' returned non-zero exit status 28.
  File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 568, in main
    deployer.spawn()
  File "/usr/lib/python3.12/site-packages/pki/server/deployment/__init__.py", line 4986, in spawn
    scriptlet.spawn(self)
  File "/usr/lib/python3.12/site-packages/pki/server/deployment/scriptlets/configuration.py", line 188, in spawn
    admin_cert = deployer.setup_admin_cert(subsystem)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/pki/server/deployment/__init__.py", line 3823, in setup_admin_cert
    self.export_admin_pkcs12()
  File "/usr/lib/python3.12/site-packages/pki/server/deployment/__init__.py", line 2250, in export_admin_pkcs12
    self.pk12util.create_file(
  File "/usr/lib/python3.12/site-packages/pki/server/deployment/pkihelper.py", line 1728, in create_file
    subprocess.check_call(command, stdout=fnull, stderr=fnull)
  File "/usr/lib64/python3.12/subprocess.py", line 413, in check_call
    raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pk12util -d /opt/topology-02-CA/ca/alias -o /opt/topology-02-CA/ca_admin_cert.p12 -n PKI CA Administrator for Example.Org -w /opt/topology-02-CA/ca/pkcs12_password.conf -k /opt/topology-02-CA/ca/password.conf -c AES-128-CBC -C NONE