We are trying to create pkcs12 keystore in FIPS mode using OpenSSL 1.0.1 and it fails with the following error
9uo8bYe2YpDmqEgC[root@vos-i/usr/local/platform/bin/openssl pkcs12 -export -in tomcat.pem -inkey ../keys/tomcat_priv.pem -out tomcat.keystore Enter Export Password: Verifying - Enter Export Password: 4151633544:error:060A60A3:digital envelope routines:FIPS_CIPHERINIT:disabled for fips:fips_enc.c:142: 4151633544:error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure:evp_pbe.c:205: 4151633544:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83: 4151633544:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:p12_decr.c:175: 4151633544:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:p12_add.c:202: The same command works in FIPS mode. So I have the following questions 1. Is there a way to work around issue and still be able to create pkcs12 format keystore in FIPS mode. 2. This command worked in earlier version of openssl like 0.9.8l in FIPS mode. What has changed in 1.0.1 That it has stopped working in FIPS mode. Any pointers will be appreciated. Thanks, Anamitra ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org