check 'ldd mod_ssl.so' for proper linkage. -Jayadev.
On Tue, Aug 12, 2014 at 7:01 PM, Abdul Anshad <ab...@visolve.com> wrote: > Thank you for the response. > > I already have a SHA-256 self signed certificate with a bit size 2048 but > still ended up with the same error. > > I used the following command to create the self signed certificate. > > $ openssl req -x509 -sha256 -days 365 -newkey rsa:2048 -keyout > /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt > > $ openssl x509 -noout -text -in /etc/pki/tls/certs/localhost.crt | grep > "Signature Algorithm" > Signature Algorithm: sha256WithRSAEncryption > Signature Algorithm: sha256WithRSAEncryption > > $ openssl version > OpenSSL 1.0.1i-fips 6 Aug 2014 > > > Any suggestions ? > > Regards, > Abdul > > On 12-Aug-14 3:02 AM, Kurt Cancemi wrote: > >> Your using a SHA-1 signed certificate, the current FIPS standard >> mandates a SHA-256 (SHA-2) signed certificate with a bit size >= 2048. >> >> --- >> Kurt Cancemi >> https://www.x64Architecture.com >> >> >> On Mon, Aug 11, 2014 at 5:24 AM, Abdul Anshad <ab...@visolve.com> wrote: >> >>> Hello All, >>> >>> I have a set up which runs Apache http-2.4.10 and Openssl-1.0.1i, when I >>> try >>> to start the http server with FIPS mode i get the following error. >>> >>> [Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid 380] AH01232: >>> suEXEC >>> mechanism enabled (wrapper: /apps/apache/2.4.10/bin/suexec) >>> [Mon Aug 11 14:39:24.428616 2014] [ssl:emerg] [pid 380] AH01885: FIPS >>> mode >>> failed >>> [Mon Aug 11 14:39:24.428656 2014] [ssl:emerg] [pid 380] SSL Library >>> Error: >>> error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure >>> (Type=RSA >>> SHA1 X931) >>> [Mon Aug 11 14:39:24.428663 2014] [ssl:emerg] [pid 380] AH02312: Fatal >>> error >>> initialising mod_ssl, exiting. >>> AH00016: Configuration Failed >>> >>> Could somebody help me out with this issue ? Thanks in advance. >>> >>> -- >>> Regards, >>> Abdul >>> >>> >>> --- >>> This email is free from viruses and malware because avast! Antivirus >>> protection is active. >>> http://www.avast.com >>> >>> ______________________________________________________________________ >>> OpenSSL Project http://www.openssl.org >>> Development Mailing List openssl-...@openssl.org >>> Automated List Manager majord...@openssl.org >>> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> Development Mailing List openssl-...@openssl.org >> Automated List Manager majord...@openssl.org >> >> > > --- > This email is free from viruses and malware because avast! Antivirus > protection is active. > http://www.avast.com > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
