<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Please review the attached patches for:</p>
<ul>
<li><a moz-do-not-send="true"
href="https://bugzilla.redhat.com/show_bug.cgi?id=1450143">Bugzilla
Bug #1450143 - CA installation with HSM in FIPS mode fails</a></li>
</ul>
<p>Thanks,<br>
-- Matt</p>
<p>P.S. - The patches were tested on a FIPS-enabled box, and the
output looks similar to the following:</p>
<blockquote>
<p>pkispawn : INFO ... finalizing
'pki.server.deployment.scriptlets.finalization'<br>
pkispawn : INFO ....... executing 'systemctl enable
pki-tomcatd.target'<br>
Created symlink from
/etc/systemd/system/multi-user.target.wants/pki-tomcatd.target
to /usr/lib/systemd/system/pki-tomcatd.target.<br>
pkispawn : INFO ....... executing 'systemctl
daemon-reload'<br>
pkispawn : INFO ....... executing 'systemctl restart
pki-tomcatd@pki-tomcat.service'<br>
<b>
pkispawn : INFO ........... FIPS mode is enabled on
this operating system.</b><br>
pkispawn : DEBUG ........... No connection - server may
still be down<br>
pkispawn : DEBUG ........... No connection - exception
thrown: ('Connection aborted.', error(111, 'Connection
refused'))<br>
pkispawn : DEBUG ........... No connection - server may
still be down<br>
pkispawn : DEBUG ........... No connection - exception
thrown: ('Connection aborted.', error(111, 'Connection
refused'))<br>
pkispawn : DEBUG ........... &lt;?xml version="1.0"
encoding="UTF-8"
standalone="no"?&gt;&lt;XMLResponse&gt;&lt;State&gt;1&lt;/State&gt;&lt;Type&gt;CA&lt;/Type&gt;&lt;Status&gt;running&lt;/Status&gt;&lt;Version&gt;10.4.1-4.el7&lt;/Version&gt;&lt;/XMLResponse&gt;<br>
pkispawn : INFO ....... rm -rf /opt/RootCA/ca<br>
pkispawn : INFO END spawning subsystem 'CA' of instance
'pki-tomcat'<br>
pkispawn : INFO ... archiving configuration into
'/var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20170515223006'<br>
pkispawn : INFO ....... cp -p
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg
/var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20170515223006<br>
pkispawn : DEBUG ........... chmod 660
/var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20170515223006<br>
pkispawn : DEBUG ........... chown 17:17
/var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20170515223006<br>
pkispawn : INFO ... archiving manifest into
'/var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20170515223006'<br>
pkispawn : INFO ....... cp -p
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest
/var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20170515223006<br>
pkispawn : DEBUG ........... chmod 660
/var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20170515223006<br>
pkispawn : DEBUG ........... chown 17:17
/var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20170515223006<br>
<br>
==========================================================================<br>
INSTALLATION SUMMARY<br>
==========================================================================<br>
<br>
Administrator's username: caadmin<br>
Administrator's PKCS #12 file:<br>
/opt/RootCA/caadmincert.p12<br>
<br>
<b>This CA subsystem of the 'pki-tomcat' instance<br>
has FIPS mode enabled on this operating system.<br>
<br>
REMINDER: Don't forget to update the appropriate FIPS<br>
algorithms in server.xml in the 'pki-tomcat' instance.</b><br>
<br>
To check the status of the subsystem:<br>
systemctl status pki-tomcatd@pki-tomcat.service<br>
<br>
To restart the subsystem:<br>
systemctl restart pki-tomcatd@pki-tomcat.service<br>
<br>
The URL for the subsystem is:<br>
<a class="moz-txt-link-freetext" href="https://pki.example.com:8443/ca">https://pki.example.com:8443/ca</a><br>
<br>
PKI instances will be enabled upon system boot<br>
<br>
==========================================================================<br>
</p>
</blockquote>
</body>
</html>