Steve, Thank you for your quick reply. We are trying to follow the User's Guide when building.
We did the following: For OpenSSLFips (openssl-fips-1.2) ./config make make install For OpenSSL (openssl-1.0.1c) ./configure fips --prefix=/WWW/openssl --withfipslibdir=/usr/local/ssl/fips-2.0/lib make make test make install Is there anything that make test or other commands we could run on the built openSSL to see if it was built incorrectly? Thanks This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. From: Steve Marquess <marqu...@opensslfoundation.com> To: openssl-users@openssl.org Cc: Jerry Blasdel/USA/CSC@CSC Date: 12/17/2012 02:59 PM Subject: Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips On 12/17/2012 12:32 PM, Jerry Blasdel wrote: > All, > > We are trying to get a FIPS enabled Apache 2.4.3 built with OpenSSL 1.01. > > Everything appeared to build correctly but when we try to start Apache > with SSLFIPS on directive we get the following error: > > ... > Library Error: error:2D06B06F:FIPS > routines:FIPS_check_incore_fingerprint:fingerprint does not match > [Mon Dec 17 17:23:13.134150 2012] [ssl:emerg] [pid 10703:tid 1] AH02312: > Fatal error initialising mod_ssl, exiting. > /WWW/apache2/apache/logs > > What could be the cause of this error? There are a multitude of ways the special FIPS module link could fail. But, I suspect your problem probably has nothing to do with Apache httpd. Absent some very unusual circumstances any system that is running httpd should be using shared OpenSSL libraries, which means it is your "FIPS capable" OpenSSL that was not built correctly. Have you tried following the examples of building "FIPS capable" OpenSSL libraries in the User Guide? -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com
