But can you confirm that my process for building fips openssl is correct? I downloaded openssl 1.2.3, then ran "config fipscanisterbuild", make/make install.... then I can "config fips -with-fipslibdir=/usr/local/ssl/fips1.2.3/lib" make/make install..... is this right?
> Date: Sun, 12 Jun 2011 04:10:39 +0200 > From: st...@openssl.org > To: openssl-users@openssl.org > Subject: Re: Help building FIPS openssl (suitable for apache) > > On Fri, Jun 10, 2011, Sam Theman wrote: > > > > > Hello, > > > > First off, I AM trying to follow the FIPS/OPENSSL user guide.... > > > > What am I doing wrong: > > > > 1.) downloaded fips openssl 1.2.3 > > > > 2) ./config fipscanisterbuild > > make > > make install > > > > > > 3.) ./config fips --with-fipslibdir=/usr/local/ssl/fips1.2.3/lib > > make > > make install > > > > > > 4) build apache with > > > > ./configure --prefix=/usr/local/apache2.2.19 > > --with-ssl=/usr/local/ssl/fips1.2.3 --with-mpm=prefork --with-ldap > > --enable-ssl --enable-dav --enable-dav-fs --enable-dav-lock > > --enable-authnz-ldap --enable-ldap > > > > > > 5. Error: > > > > [root]# ./apachectl start > > Syntax error on line 1 of /usr/local/apache2.2.19/conf/extra/httpd-ssl.conf: > > SSLFIPS invalid, rebuild httpd and openssl compiled for FIPS > > > > > > Looks like Apache isn't seeing the correct header files and not including the > appropriate FIPS code. That's an Apache configuration issue and not OpenSSL. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org