Trying to setup Secure CORBA with custom certificates according to the documentation:
Follow the steps and use the OpenSSL tool to generate the certificates, but the generated certificates doesn't work.
While Secure CORBA set up with the default self-signed certificates shipped with the product works fine.
OpenSSL on RHEL8 (OpenSSL 1.1.1k FIPS 25 Mar 2021) is not supported.
Release : 21.2
Component : Spectrum OneClick
OS : Linux RHEL 8.x
There is a known limitation with OpenSSL on RHEL 8.x (OpenSSL 1.1.1k FIPS) due to Java compatibility.
Use OpenSSL tool from RHEL 7.x (OpenSSL 1.0.2k-fips) to create the keystore - this will work fine.
These are the currently tested and working environments for certificates generation with OpenSSL:
-RHEL 7.x with OpenSSL version 1.0.2k-fips.
-Windows Cygwin bash (shipped by Spectrum) with OpenSSL version: 1.0.2n
So for now, until the issue is resolved by Oracle/OpenSSL, customer can
Use Spectrum on Windows platform to generate certs.
Or keep an RHEL 7.x system available (in shutdown state) and use it to generate certificates when needed.
There is a ticket opened with Micro Focus for the component Visibroker. This problem is due to the compatibility issues introduced in OpenSSL 1.1.1x with Java8. OpenSSL 1.1.1x uses PKCS5 Version 2 algorithms and Java is unable to handle this version. So, they recommend to generate the certificates with an older version of OpenSSL until Oracle/OpenSSL address the issue.