Bug 1229689 - Console throws IOExcpetion when trying to access the Encryption tab with FIPS mode enabled
Summary: Console throws IOExcpetion when trying to access the Encryption tab with FIPS...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: Directory Console
Version: 10.0
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: DS10.1
: ---
Assignee: Noriko Hosoi
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-06-09 12:41 UTC by Sankar Ramalingam
Modified: 2020-09-13 21:47 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-24 07:18:59 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
IOException (929.07 KB, image/png)
2015-06-09 12:42 UTC, Sankar Ramalingam 		no flags Details
EncrptionTab (937.58 KB, image/png)
2015-06-09 12:43 UTC, Sankar Ramalingam 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 1986 0 None None None 2020-09-13 21:47:48 UTC

Description Sankar Ramalingam 2015-06-09 12:41:03 UTC 
Description of problem: Admin server console throws IOException when accessing Encryption Tab. This issue occurs only when SSL is enabled with FIPS mode.


Version-Release number of selected component (if applicable): 389-admin-1.1.41-1.el7dsrv


How reproducible: Consistently


Steps to Reproduce:
1. Install DS10.0 admin console and directory server packages on RHEL7.1 latest.
    yum -y install redhat-ds 389-adminutil idm-console-framework
2. Create admin and directory server instances using setup-ds-admin.pl.
3. Enable FIPS mode.
   modutil -dbdir /etc/dirsrv/admin-serv -fips true
   modutil -dbdir /etc/dirsrv/slapd-M1 -fips true
4. Restart servers.
5. Access Encryption tab from admin server console.
   Result: Success
6. Select "Enable SSL for this server" and "use this cipher family: RSA" from the Encryption tab and Save the changes.
7. Restart admin server from command line and access Encryption tab.
8. It hangs for 10 to 15 secs and throws IOException. See attachment - IOException
9. Click "OK" to clear the exception and you will see the Encryption tab hides the Cipher family option. See attachment - EncrptionTab

Actual results: Encryption tab throws IOException in FIPS/SSL mode.

Expected results: It should work with FIPS/SSL enabled mode.


Additional info:
Comment 1 Sankar Ramalingam 2015-06-09 12:42:40 UTC 
Created attachment 1036735 [details]
IOException
Comment 2 Sankar Ramalingam 2015-06-09 12:43:46 UTC 
Created attachment 1036737 [details]
EncrptionTab
Comment 3 mreynolds 2016-08-19 15:57:30 UTC 
The reproduction steps seem to be incomplete.  In the steps provided SSL certificates are never created.  Is this intentional?

So in step [6] I can not click "save" because of the missing certificate.  This prevents me from following the remaining steps.

If I setup SSL certificates before enabling fips, then everything works correctly and I can access the encryption tab in both the DS and AS.

Am I missing something, or should this be closed as "worksforme"?
Comment 4 Sankar Ramalingam 2016-08-23 15:20:49 UTC 
(In reply to mreynolds from comment #3)
> The reproduction steps seem to be incomplete.  In the steps provided SSL
> certificates are never created.  Is this intentional?
> 
I missed that in the steps, sorry :(
> So in step [6] I can not click "save" because of the missing certificate. 
> This prevents me from following the remaining steps.
> 
> If I setup SSL certificates before enabling fips, then everything works
> correctly and I can access the encryption tab in both the DS and AS.
I repeated everything with the new setupssl2.sh script and it worked fine.
> 
> Am I missing something, or should this be closed as "worksforme"?
Yeah, please go ahead and close it.
Comment 5 Amita Sharma 2016-08-24 07:18:59 UTC 
Based on comment#4, closing the bug.
Note You need to log in before you can comment on or make changes to this bug.