NVE:更換 NetWorker 驗證服務自我簽署憑證產生加密錯誤

Summary: 更換 NetWorker 驗證服務自我簽署憑證時產生加密錯誤。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

在 NetWorker Virtual Edition (NVE) 上更換 NetWorker 驗證服務自我簽署憑證時產生加密錯誤。

Error message:

139637988316816:error:32067085:lib(50):B_CIPHER_IV_crypt:fips not allowed:b_cipher.c:338:
139637988316816:error:23077006:PKCS12 routines:PKCS12_pbe_crypt:EVP lib:p12_decr.c:99:
139637988316816:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:p12_decr.c:188:
139637988316816:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:p12_add.c:219:

執行下列命令時產生錯誤。

openssl pkcs12 -export -in $cert -inkey $key -name emcauthctomcat -out /tmp/$hostname.tomcat.authc.p12 -password pass:$authc_storepass
openssl pkcs12 -export -in $cert -inkey $key -name emcauthcsaml -out /tmp/$hostname.saml.authc.p12 -password pass:$authc_storepass

Cause

NetWorker 伺服器上已啟用 FIPS 模式。

Resolution

1.停用 FIPS 模式,執行 

/usr/local/networker/bin/fips_networker.sh off

2.重新開機 NetWorker 伺服器。
3.驗證 FIPS 模式是否已停用:

/usr/local/networker/bin/fips_networker.sh status

將顯示以下訊息:FIPS:關閉

Additional Information

若要更換 NetWorker 驗證服務自我簽署憑證,請參閱 KB:NetWorker:如何匯入或更換「authc」和「NWUI」(Linux) 的認證機構簽署憑證

Article Properties
Article Number: 000273217
Article Type: Solution
Last Modified: 21 Jan 2025
Version:  1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.