Description of problem: Admin server console throws IOException when accessing Encryption Tab. This issue occurs only when SSL is enabled with FIPS mode. Version-Release number of selected component (if applicable): 389-admin-1.1.41-1.el7dsrv How reproducible: Consistently Steps to Reproduce: 1. Install DS10.0 admin console and directory server packages on RHEL7.1 latest. yum -y install redhat-ds 389-adminutil idm-console-framework 2. Create admin and directory server instances using setup-ds-admin.pl. 3. Enable FIPS mode. modutil -dbdir /etc/dirsrv/admin-serv -fips true modutil -dbdir /etc/dirsrv/slapd-M1 -fips true 4. Restart servers. 5. Access Encryption tab from admin server console. Result: Success 6. Select "Enable SSL for this server" and "use this cipher family: RSA" from the Encryption tab and Save the changes. 7. Restart admin server from command line and access Encryption tab. 8. It hangs for 10 to 15 secs and throws IOException. See attachment - IOException 9. Click "OK" to clear the exception and you will see the Encryption tab hides the Cipher family option. See attachment - EncrptionTab Actual results: Encryption tab throws IOException in FIPS/SSL mode. Expected results: It should work with FIPS/SSL enabled mode. Additional info:
Created attachment 1036735 [details] IOException
Created attachment 1036737 [details] EncrptionTab
The reproduction steps seem to be incomplete. In the steps provided SSL certificates are never created. Is this intentional? So in step [6] I can not click "save" because of the missing certificate. This prevents me from following the remaining steps. If I setup SSL certificates before enabling fips, then everything works correctly and I can access the encryption tab in both the DS and AS. Am I missing something, or should this be closed as "worksforme"?
(In reply to mreynolds from comment #3) > The reproduction steps seem to be incomplete. In the steps provided SSL > certificates are never created. Is this intentional? > I missed that in the steps, sorry :( > So in step [6] I can not click "save" because of the missing certificate. > This prevents me from following the remaining steps. > > If I setup SSL certificates before enabling fips, then everything works > correctly and I can access the encryption tab in both the DS and AS. I repeated everything with the new setupssl2.sh script and it worked fine. > > Am I missing something, or should this be closed as "worksforme"? Yeah, please go ahead and close it.
Based on comment#4, closing the bug.