We are trying to create a PKCS12 keystore in FIPS mode using OpenSSL 1.0.1,
and it fails with the following error:
[root@vos-i/usr/local/platform/bin/openssl pkcs12 -export -in tomcat.pem -inkey ../keys/tomcat_priv.pem -out tomcat.keystore
Enter Export Password:
Verifying - Enter Export Password:
4151633544:error:060A60A3:digital envelope routines:FIPS_CIPHERINIT:disabled for fips:fips_enc.c:142:
4151633544:error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure:evp_pbe.c:205:
4151633544:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83:
4151633544:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:p12_decr.c:175:
4151633544:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:p12_add.c:202:
The same command works in FIPS mode.
So I have the following questions:
1. Is there a way to work around this issue and still be able to create a
pkcs12 format keystore in FIPS mode?
2. This command worked in earlier versions of OpenSSL like 0.9.8l in FIPS
mode. What has changed in 1.0.1 that it has stopped working in FIPS mode?
Any pointers will be appreciated.
Thanks,
Anamitra
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openss...@openssl.org
Automated List Manager                           majo...@openssl.org