NSS initialization failure in Centos7 FIPS mode

General support questions
Post Reply
vyshnav
Posts: 59
Joined: 2017/09/12 03:37:54

NSS initialization failure in Centos7 FIPS mode

Post by vyshnav » 2018/07/11 10:30:48

Hi,
In FIPS mode I was using this nsspassword.
“NSS FIPS 140-2 Certificate DB:mypassphrase"

But it is failing with the below error in logs: Jun 27 12:36:11: authentication of "NSS FIPS 140-2 Certificate DB" failed Jun 27
12:36:11: FATAL: NSS initialization failure

I was using CentOS Linux release 7.4.1708 (Core) with libreswan-3.20-3.el7.x86_64.
Could you please help me to resolve this problem.

Regards,
Vyshnav

User avatar
avij
Forum Moderator
Posts: 2718
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: NSS initialization failure in Centos7 FIPS mode

Post by avij » 2018/07/11 12:21:29

Does the same happen with 7.5.1804? Try yum update.

vyshnav
Posts: 59
Joined: 2017/09/12 03:37:54

Re: NSS initialization failure in Centos7 FIPS mode

Post by vyshnav » 2018/07/18 10:28:40

avij wrote:
2018/07/11 12:21:29
Does the same happen with 7.5.1804? Try yum update.
We are not tested in Centos7.5 , but in Centos7.4 we are facing this problem.
Can you please explain the cause of this issue?

User avatar
avij
Forum Moderator
Posts: 2718
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: NSS initialization failure in Centos7 FIPS mode

Post by avij » 2018/07/18 12:19:29

I did not say that this is fixed in 7.5.1804, but you should still try to reproduce your problem on a supported release such as 7.5.1804. Perhaps try this on a testing system first.

User avatar
TrevorH
Forum Moderator
Posts: 23867
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: NSS initialization failure in Centos7 FIPS mode

Post by TrevorH » 2018/07/18 13:09:48

We are not tested in Centos7.5 , but in Centos7.4 we are facing this problem.
As you've been told several times, both here and on the mailing list: CentOS only supports the latest version. 7.4 is not the latest version. Run yum update to get up to date on 7.5.

If you have a requirement to stick on a particular point release then you should be using RHEL which has an option to allow you to do this.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply