NVE:替换 NetWorker 身份验证服务自签名证书生成密码错误

Summary: 替换 NetWorker 身份验证服务自签名证书时生成密码错误。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

替换 NetWorker Virtual Edition (NVE) 上的 NetWorker 身份验证服务自签名证书时生成密码错误。

错误消息:

139637988316816:error:32067085:lib(50):B_CIPHER_IV_crypt:fips not allowed:b_cipher.c:338:
139637988316816:error:23077006:PKCS12 routines:PKCS12_pbe_crypt:EVP lib:p12_decr.c:99:
139637988316816:error:2306C067:PKCS12 routines:PKCS12_item_i2d_encrypt:encrypt error:p12_decr.c:188:
139637988316816:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt error:p12_add.c:219:

运行以下命令时生成错误。

openssl pkcs12 -export -in $cert -inkey $key -name emcauthctomcat -out /tmp/$hostname.tomcat.authc.p12 -password pass:$authc_storepass
openssl pkcs12 -export -in $cert -inkey $key -name emcauthcsaml -out /tmp/$hostname.saml.authc.p12 -password pass:$authc_storepass

Cause

NetWorker 服务器上启用了 FIPS 模式。

Resolution

1.禁用 FIPS 模式,运行 

/usr/local/networker/bin/fips_networker.sh off

2.重新启动 NetWorker 服务器。
3.验证 FIPS 模式是否已禁用:

/usr/local/networker/bin/fips_networker.sh status

将显示以下消息:FIPS:关闭

Additional Information

要替换 NetWorker 身份认证服务自签名证书,请参阅知识库文章:NetWorker:如何导入或替换“authc”和“NWUI”的证书颁发机构签名证书 (Linux)

Article Properties
Article Number: 000273217
Article Type: Solution
Last Modified: 21 Jan 2025
Version:  1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.