Re: SSL Library Error: error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure (Type=RSA SHA1 X931)

Tue, 12 Aug 2014 06:35:13 -0700 

Thank you for the response.
I already have a SHA-256 self signed certificate with a bit size 2048 but still ended up with the same error. 

I used the following command to create the self signed certificate.


$ openssl req -x509 -sha256 -days 365 -newkey rsa:2048 -keyout 
/etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt



$ openssl x509 -noout -text -in /etc/pki/tls/certs/localhost.crt | grep 
"Signature Algorithm"

    Signature Algorithm: sha256WithRSAEncryption
    Signature Algorithm: sha256WithRSAEncryption

$ openssl version
OpenSSL 1.0.1i-fips 6 Aug 2014


Any suggestions ?

Regards,
Abdul

On 12-Aug-14 3:02 AM, Kurt Cancemi wrote:

Your using a SHA-1 signed certificate, the current FIPS standard
mandates a SHA-256 (SHA-2) signed certificate with a bit size >= 2048.

---
Kurt Cancemi
https://www.x64Architecture.com


On Mon, Aug 11, 2014 at 5:24 AM, Abdul Anshad <ab...@visolve.com> wrote:

Hello All,

I have a set up which runs Apache http-2.4.10 and Openssl-1.0.1i, when I try
to start the http server with FIPS mode i get the following error.

[Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid 380] AH01232: suEXEC
mechanism enabled (wrapper: /apps/apache/2.4.10/bin/suexec)
[Mon Aug 11 14:39:24.428616 2014] [ssl:emerg] [pid 380] AH01885: FIPS mode
failed
[Mon Aug 11 14:39:24.428656 2014] [ssl:emerg] [pid 380] SSL Library Error:
error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure (Type=RSA
SHA1 X931)
[Mon Aug 11 14:39:24.428663 2014] [ssl:emerg] [pid 380] AH02312: Fatal error
initialising mod_ssl, exiting.
AH00016: Configuration Failed

Could somebody help me out with this issue ? Thanks in advance.

--
Regards,
Abdul


---
This email is free from viruses and malware because avast! Antivirus
protection is active.
http://www.avast.com

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-...@openssl.org
Automated List Manager                           majord...@openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-...@openssl.org
Automated List Manager                           majord...@openssl.org




---
This email is free from viruses and malware because avast! Antivirus protection 
is active.
http://www.avast.com

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to