I'm still having the same original fingerprint error when I start Apache. [Fri Jan 04 20:22:27.251329 2013] [ssl:emerg] [pid 27764:tid 1] AH01885: FIPS mode failed [Fri Jan 04 20:22:27.251488 2013] [ssl:emerg] [pid 27764:tid 1] SSL Library Error: error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match [Fri Jan 04 20:22:27.251497 2013] [ssl:emerg] [pid 27764:tid 1] AH02312: Fatal error initialising mod_ssl, exiting.
Are there tests that I can run against my OpenSSL that shows if it was built correctly to handle FIPS mode? Thanks in advance. This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. From: Steve Marquess <marqu...@opensslfoundation.com> To: openssl-users@openssl.org Cc: Jerry Blasdel/USA/CSC@CSC Date: 12/18/2012 09:21 AM Subject: Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips On 12/18/2012 08:57 AM, Jerry Blasdel wrote: > Steve, > > That was a typing error. I verified that I am building: > > Extracting OpenSSL Fips source... > openssl-fips-2.0.1/... > > Extracting OpenSSL source... > openssl-1.0.1c/ACKNOWLEDGMENTS... > > > What steps can I take to help identify the problem with my FIPS capable > built OpenSSL? Well, start at the beginning. Have you tried building the "FIPS capable" OpenSSL per section 4.2 and the examples in the User Guide? Also see the example at: http://opensslfoundation.com/fips/2.0/platforms/linux-native/Makefile which should work in any Linux or Linux-like system (just do "make"). -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com
