Credhub release fails to deploy db instance after enabling FIPs
search cancel

Credhub release fails to deploy db instance after enabling FIPs

book

Article ID: 389694

calendar_today

Updated On:

Products

VMware Tanzu Platform Concourse for VMware Tanzu Pivotal Concourse

Issue/Introduction

Pre-start logs show the following error

4027FEF9CE7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (PKCS12KDF : 0), Properties (<null>)
4027FEF9CE7F0000:error:1180006B:PKCS12 routines:PKCS12_PBE_keyivgen_ex:key gen error:../crypto/pkcs12/p12_crpt.c:55:
4027FEF9CE7F0000:error:11800067:PKCS12 routines:PKCS12_item_i2d_encrypt_ex:encrypt error:../crypto/pkcs12/p12_decr.c:191:
4027FEF9CE7F0000:error:11800067:PKCS12 routines:PKCS12_pack_p7encdata_ex:encrypt error:../crypto/pkcs12/p12_add.c:133:

Environment

 

 

Resolution

This is a known issue fixed in credhub release 2.12.56 and later.  If this instance of credhub is being used with concourse you can check what versions are compatible by checking the concourse-bosh-deployment versions.yml file.  Simply change from master branch to the tagged version of your concourse deployment.  For example if deploying concourse 7.11.2 then credhub version 2.12.60 should be used.  

Powered by Wolken Software