NCPA Fails to Start in FIPS Mode on RHEL 8

eneumann-comp · Post by **eneumann-comp** » Fri Jul 17, 2020 11:48 am

I am attempting to test out NCPA on a RHEL 8 system and I'm unable to get the agent started while the system is in FIPS mode.

This is the error that I get when attempting to start NCPA:
Jul 17 11:43:03 rhel-8-template.compsych-ad.int systemd[1]: Starting LSB: This manages the NCPA Listener service...
Jul 17 11:43:04 rhel-8-template.compsych-ad.int ncpa_listener[1335]: Starting NCPA Listener: crypto/fips/fips.c:154: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Jul 17 11:43:04 rhel-8-template.compsych-ad.int ncpa_listener[1335]: /etc/rc.d/init.d/functions: line 602: 1356 Aborted (core dumped) "$@"
Jul 17 11:43:04 rhel-8-template.compsych-ad.int ncpa_listener[1335]: [FAILED]
Jul 17 11:43:04 rhel-8-template.compsych-ad.int systemd[1]: Started LSB: This manages the NCPA Listener service.

I should clarify a few things:
I tested this with the built-in cert as well as a self-signed cert from our internal CA.
When I disable FIPS mode, NCPA starts up just fine.

scottwilkerson · Post by **scottwilkerson** » Mon Jul 20, 2020 3:30 pm

I'm not sure if NCPA has been tested with a system in FIPS mode, but I see you did what I was going to recommend and open an issue in the project here
https://github.com/NagiosEnterprises/ncpa/issues/655

Nagios Support Forum

NCPA Fails to Start in FIPS Mode on RHEL 8

NCPA Fails to Start in FIPS Mode on RHEL 8

Re: NCPA Fails to Start in FIPS Mode on RHEL 8