DAP HA Install Failure - OpenSSL FIPS

Hi All,

I am trying to install DAP HA 11.3.0 using the DAP 11.3 doc - ‘Setup an HA Cluster’. During the first docker exec step using the self-signed feature ‘–master-altnames’ I get an error indicating that the version of OpenSSL in the container does not support FIPS mode. This breaks the install process.

image1244×257 11.5 KB

The OpenSSL doc states that FIPS mode is only supported in two releases: 1.0.1 and 1.0.2.

image1788×300 253 KB

When I login into the DAP container, I can see that the container using OpenSSL version is 1.1.1.

Has anyone else had this issue? And how did you get past this problem?

thanks, ed carter

Hi @encarter3,
I am trying to get someone on the dev team that worked on this release to answer your question but it may be early next week before someone gets to it.

Srdjan

Hi @encarter3,
Making DAP FIPS compliance is part of our roadmap.

Hila

Hi Hila,

Actually I am not interested in FIPS compliance at this time. I just want to install the HA DAP.

It is failing because your installation script is requiring FIPS compliance.

Thanks for looking!

Hello @encarter3 -

I’ve read through your post, and I’d recommend opening a support case if you haven’t already. These sorts of issues can be very difficult to troubleshoot over Discourse, but we’d love to help get you up and running.

Please let us know if you have any questions about how to do this.

Thanks!
Geri

The problem was that FIPS was enabled in the underlying operating system. If FIPS is enabled in RHEL, it will cause FIPS to be enabled in docker.

So the solution is to fix the FIPS problem and then reboot. In my case, it looks like FIPS was accidentally enabled during a yum update/install.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.