Bug 2019200
| Summary: | IDM fails to setup CA server in EL8.4 w/ FIPS (Backport BZ#2001576 to RHEL 8.4) | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Chance Callahan <ccallaha> | |
| Component: | pki-core | Assignee: | Jack Magne <jmagne> | |
| Status: | CLOSED ERRATA | QA Contact: | PKI QE <bugzilla-pkiqe> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 8.4 | CC: | aakkiang, abokovoy, ckelley, jmagne, jwboyer, mharmsen, msauton, skhandel, sumenon, toneata, tscherf | |
| Target Milestone: | rc | Keywords: | Triaged, ZStream | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | pki-core-10.6-8060020211115121442.7e0b02f6 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 2026425 2026426 (view as bug list) | Environment: | ||
| Last Closed: | 2022-05-10 13:51:03 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 2026425, 2026426 | |||
|
Comment 12
cdorney
2021-11-17 11:53:58 UTC
cdorney:
The commit you listed was the second piece of the fix.
The first part is this:
commit e83a488bcecd9dbf8041108c5957c56ed01d2b46
Author: jmagne <jmagne>
Date: Thu Sep 16 15:48:50 2021 -0700
Fix Bug 2001576 - pki instance creation fails for IPA server in FIPS mode (RHEL-8.5) (#3741)
It looks like this is an issue in FIPS mode because when we restart the subsystem, there is a pki command
that runs before the server runs. In order for this command to succeed, we must alter the python script that
runs pki commands to add the following switch to turn off fips mode in java: "-Dcom.redhat.fips=false".
This allows the JSS proivder to be selected instead of a differnt one which doesn't work for us, when we are in
fips mode.
Also I have all this staged ready to check into dist-git, waiting for the flags / etc.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: pki-core:10.6 security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:1851 |