Bug 1572548

Summary: IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z]
Product: Red Hat Enterprise Linux 7 Reporter: Oneata Mircea Teodor <toneata>
Component: pki-coreAssignee: Endi Sukma Dewata <edewata>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: high Docs Contact:
Priority: high    
Version: 7.5CC: edewata, ftweedal, ksiddiqu, mharmsen, msauton, myusuf, ndehadra, pvoborni, rcritten, slaznick, tscherf
Target Milestone: rcKeywords: Regression, TestCaseProvided, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: pki-core-10.5.1-12.el7_5 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1567910 Environment:
Last Closed: 2018-06-26 16:47:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1567910    
Bug Blocks:    

Description Oneata Mircea Teodor 2018-04-27 10:01:06 UTC
This bug has been copied from bug #1567910 and has been proposed to be backported to 7.5 z-stream (EUS).

Comment 3 Endi Sukma Dewata 2018-04-27 20:13:51 UTC
Fixed in upstream 10.5 branch:
* https://github.com/dogtagpki/pki/commit/d61f9729dcc102c9acbbaa8129fffb6c30fb7116

Comment 4 Matthew Harmsen 2018-05-21 20:41:14 UTC
The fix can be verified with the procedure provided in the original bug description, either with IPA or without IPA.

Comment 6 Nikhil Dehadrai 2018-06-07 07:19:58 UTC
IPA-Version: ipa-4.5.4-10.el7_5.2

Verified the bug on the basis of following observations:
1. Verified that IPA-server installation using External-CA in FIPS mode is successful.

2. Verified that plain IPA-server installation using External-CA is successful.

Thus on the basis of above observations, marking bug as 'Verified'

Comment 9 errata-xmlrpc 2018-06-26 16:47:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.