NVE: Replacing the NetWorker authentication service self-signed certificates generated a cipher error

Summary: Replacing the NetWorker authentication service self-signed certificates generated a cipher error.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Replacing the NetWorker authentication service self-signed certificates on a NetWorker Virtual Edition (NVE) generated a cipher error.

Error message:

139637988316816:error:32067085:lib(50):B_CIPHER_IV_crypt:fips not allowed:b_cipher.c:338:
139637988316816:error:23077006:PKCS12 routines:PKCS12_pbe_crypt:EVP lib:p12_decr.c:99:
139637988316816:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:p12_decr.c:188:
139637988316816:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:p12_add.c:219:

Error was generated when running the following commands.

openssl pkcs12 -export -in $cert -inkey $key -name emcauthctomcat -out /tmp/$hostname.tomcat.authc.p12 -password pass:$authc_storepass
openssl pkcs12 -export -in $cert -inkey $key -name emcauthcsaml -out /tmp/$hostname.saml.authc.p12 -password pass:$authc_storepass

Cause

FIPS mode is enabled on the NetWorker server.

Resolution

1. Disable FIPS mode, run 

/usr/local/networker/bin/fips_networker.sh off

2. Reboot the NetWorker server.
3. Validate that FIPS mode is disabled:

/usr/local/networker/bin/fips_networker.sh status

The following message would be displayed: FIPS: off

Additional Information

To replace the NetWorker authentication service self-signed certificates, see KB: NetWorker: How to Import or Replace Certificate Authority Signed Certificates for "Authc" and "NWUI" (Linux)

Article Properties
Article Number: 000273217
Article Type: Solution
Last Modified: 21 Jan 2025
Version:  1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.