When trying to run Symantec Control Compliance Suite (CCS) for UNIX setfips.vbs an error is returned that certificates are not found and the script aborts

book

Article ID: 158340

calendar_today

Updated On:

Products

Control Compliance Suite Unix

Issue/Introduction

When trying to run Symantec Control Compliance Suite (CCS) for UNIX setfips.vbs an error is returned that certificates are not found and the script aborts.  The command is run as <drive>:\<install path>\Symantec\RMS\Tools\cscript setfips.vbs and then returns the error.  The customer already had FIPS-enabled in the CCS for UNIX product.  However, the script was being run to troubleshoot errors registering a remote CCS for UNIX Agent.  An error was then observed fro the VBS script and that setfips.vbs was no longer functional.  The error message displayed does not describe which certificates are missing in order to restore these certificates and resolve the VBS script issue.

run c:\<install path>\Symantec\RMS\Tools>cscript setfips.vbs
Enable FIPS mode
Do you want to continue? (Y)es/(N)o
y
User selected 'Yes'. Proceeding configure FIPS mode.
Error - Certificates for the following product(s) not found.
- bv-Control for UNIX
c:\<install path>\Symantec\RMS\Tools>
 

Cause

Any of the following four *.pem files are missing from the CCS for UNIX installation
and will cause setfips.vbs to fail when executed:

"dn:\Program Files (x86)\Symantec\RMS\Control\UNIX\certs\fips\cert.pem" 
"dn:\Program Files (x86)\Symantec\RMS\Control\UNIX\certs\fips\key.pem" 
“dn:\Program Files (x86)\Symantec\RMS\Control\UNIX\certs\fips\bvcert.pem" 
“dn:\Program Files (x86)\Symantec\RMS\Control\UNIX\certs\bvcert.pem"

Resolution

1.)  If open, close the CCS for UNIX Console.
2.)  Re-run the current PCU that has been applied to the CCS for UNIX installation.
(for this issue it was 2013-1 PCU).
3.)  On the menu option, choose Repair/Reinstall.
4.)  Wait for Repair/Reinstall to complete. Click Finish.
5.)  Independently verify from Windows Explorer that the following *.pem files exist:
            "dn:\Program Files (x86)\Symantec\RMS\Control\UNIX\certs\fips\cert.pem" 
            "dn:\Program Files (x86)\Symantec\RMS\Control\UNIX\certs\fips\key.pem" 
            “dn:\Program Files (x86)\Symantec\RMS\Control\UNIX\certs\fips\bvcert.pem" 
            “dn:\Program Files (x86)\Symantec\RMS\Control\UNIX\certs\bvcert.pem"
6.)  Rerunning run c:\<install path>\Symantec\RMS\Tools>cscript setfips.vbs will
then produce a successful FIPS enabled CCS for UNIX installation.
 


Applies To

Microsoft Windows Server 2003
Symantec CCS for UNIX 10.5.1 10.5.1, 2013-1 PCU