On Sat, Dec 8, 2012 at 5:52 AM, Katta, Srinivasa CTR <ska...@ftc.gov> wrote:
> Hi,
>
> Good Morning.
>
> I was seeing the following error message in the Apache log file
> /usr/local/apache/logs/error_log when I try to start the httpd daemon.
>
> [Fri Dec 07 16:45:14 2012] [emerg] FIPS mode failed
> [Fri Dec 07 16:45:14 2012] [emerg] SSL Library Error: 755413103 error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match
>
> Could you please advise me how I can start the Apache server, and also
> advise me if I have made any mistakes.
>
> Please find the openssl, openssh and httpd information below.
>
> Thanks,
>
> Srinivas
>
> Here is the server information:
>
> root@hqd-unixtst-s2 #> uname -a
> SunOS hqd-unixtst-s2 5.10 Generic_147441-24 i86pc i386 i86pc
> root@hqd-unixtst-s2 #>
>
> Here is the openssl information:
>
> root@hqd-unixtst-s2 #> /usr/local/ssl/bin/openssl
> OpenSSL> version
> OpenSSL 1.0.1c-fips 10 May 2012
> OpenSSL>
>
> Here is the openssh information:
>
> root@hqd-unixtst-s2 #> sshd -v
> sshd: illegal option -- v
> OpenSSH_6.1p1, OpenSSL 1.0.1c-fips 10 May 2012
> usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
>             [-f config_file] [-g login_grace_time] [-h host_key_file]
>             [-k key_gen_time] [-o option] [-p port] [-u len]
> root@hqd-unixtst-s2 #>
>
> Here is the Apache httpd version information:
>
> root@hqd-unixtst-s2 #> ./httpd -v
> Server version: Apache/2.2.23 (Unix)
> Server built: Dec 7 2012 15:38:35
> root@hqd-unixtst-s2 #>
>
> Here are the httpd build configure options:
>
> #! /bin/sh
> #
> # Created by configure
>
> "./configure" \
> "--prefix=/usr/local/apache" \
> "--enable-mime-magic" \
> "--enable-info" \
> "--enable-imagemap" \
> "--enable-speling" \
> "--enable-rewrite" \
> "--enable-authz-host" \
> "--enable-authn-anon" \
> "--enable-authn-dbm" \
> "--enable-auth-digest" \
> "--enable-cern-meta" \
> "--enable-expires" \
> "--enable-headers" \
> "--enable-unique_id" \
> "--enable-so" \
> "--enable-ssl" \
> "--with-ssl=/usr/local/ssl" \
> "--with-included-apr" \
> "$@"
> -----------------------------------------------------------------------------
>
> I added the SSLFips On option in the httpd-ssl.conf file and, right now, I do
> not have key files, so I commented out the following lines in the httpd-ssl.conf
> file:
>
> #SSLCertificateFile "/usr/local/apache/conf/server.crt"
> #SSLCertificateKeyFile "/usr/local/apache/conf/server.key"

As far as I can see, your Apache has been compiled with the wrong version of OpenSSL: "--with-ssl=/usr/local/ssl", but your OpenSSL FIPS is installed under /usr/local/ssl/bin/openssl, so no wonder FIPS is not working.

> -----------------------------------------------------------------------------
>
> Srinivasa Rao Katta (Contractor)
> Unix Administrator
> URS Federal Services, Inc
> Desk (202)-326-3170
> Cell (571)-276-1846
> SCSA,SCNA,RHCT
> (Sun Certified System and Network Administrator)
> (Redhat Certified Technician)
> -----------------------------------
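
The log line quoted in this thread carries the same OpenSSL error twice: 755413103 is the decimal form of 0x2D06B06F. As an added example (not part of the thread and not code from Apache or OpenSSL), this POSIX shell script decodes such codes from an error_log and counts the ones raised by the FIPS module. It assumes the OpenSSL 1.0.x packed error layout; the function names and the third sample line are constructed for illustration.

```shell
# Added example, not from the thread. Assumes the OpenSSL 1.0.x packed
# error layout: bits 31-24 library, 23-12 function, 11-0 reason.

ERR_LIB_FIPS=45   # 0x2D, the library behind the "FIPS routines" strings

# decode_ssl_error LINE: prints "lib=<n> func=<n> reason=<n>" for the
# error:XXXXXXXX code in LINE. Returns 1 when LINE has no such code.
decode_ssl_error() {
    hex=$(printf '%s\n' "$1" |
        sed -n 's/.*error:\([0-9A-Fa-f]\{8\}\):.*/\1/p')
    [ -n "$hex" ] || return 1
    code=$((0x$hex))
    printf 'lib=%d func=%d reason=%d\n' \
        $(( (code >> 24) & 0xff )) \
        $(( (code >> 12) & 0xfff )) \
        $(( code & 0xfff ))
}

# is_fips_failure LINE: true when the error was raised by the FIPS module.
is_fips_failure() {
    fields=$(decode_ssl_error "$1") || return 1
    case $fields in
        "lib=$ERR_LIB_FIPS "*) return 0 ;;
        *) return 1 ;;
    esac
}

# count_fips_failures: reads an error_log on stdin and prints the number
# of lines whose OpenSSL error came from the FIPS module.
count_fips_failures() {
    n=0
    while IFS= read -r line; do
        if is_fips_failure "$line"; then n=$((n + 1)); fi
    done
    printf '%d\n' "$n"
}

# Sample input: the first two lines are from the post, the third is constructed.
sample_log() {
cat <<'EOF'
[Fri Dec 07 16:45:14 2012] [emerg] FIPS mode failed
[Fri Dec 07 16:45:14 2012] [emerg] SSL Library Error: 755413103 error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match
[Fri Dec 07 16:50:02 2012] [error] SSL Library Error: 151441516 error:0906D06C:PEM routines:PEM_read_bio:no start line
EOF
}

sample_log | count_fips_failures   # prints 1
```
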