Upgrading the ipa packages fails if the required openssl version is not installed
When the user attempts to upgrade the *ipa* packages, Identity Management (IdM) does not automatically install the required version of the *openssl* packages. Consequently, if the 1.0.1e-42 version of *openssl* is not installed before the user runs the "yum update ipa*" command, the upgrade fails during the DNSKeySync service configuration.
To work around this problem, update *openssl* manually to version 1.0.1e-42 or later before updating *ipa*. This prevents the upgrade failure.