NCPA Fails to Start in FIPS Mode on RHEL 8
Posted: Fri Jul 17, 2020 11:48 am
I am attempting to test out NCPA on a RHEL 8 system and I'm unable to get the agent started while the system is in FIPS mode.
This is the error that I get when attempting to start NCPA:
Jul 17 11:43:03 rhel-8-template.compsych-ad.int systemd[1]: Starting LSB: This manages the NCPA Listener service...
Jul 17 11:43:04 rhel-8-template.compsych-ad.int ncpa_listener[1335]: Starting NCPA Listener: crypto/fips/fips.c:154: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Jul 17 11:43:04 rhel-8-template.compsych-ad.int ncpa_listener[1335]: /etc/rc.d/init.d/functions: line 602: 1356 Aborted (core dumped) "$@"
Jul 17 11:43:04 rhel-8-template.compsych-ad.int ncpa_listener[1335]: [FAILED]
Jul 17 11:43:04 rhel-8-template.compsych-ad.int systemd[1]: Started LSB: This manages the NCPA Listener service.
I should clarify a few things:
I tested this with the built-in cert as well as a self-signed cert from our internal CA.
When I disable FIPS mode, NCPA starts up just fine.