CAPKI install unsuccessful on RedHat 7.x server

book

Article ID: 40253

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

Symptom:

 

When install PIM 12.8SP1 on RedHat 7.x server CAKPI component will generate following error:

CA ControlMinder sechkey v12.81.0.1912 - internal key changer 

Copyright (c) 2013 CA. All rights reserved. 

Failed with error code 0x2a023 

ETPKI error stack: 

- Empty or NULL serial number 

CA ControlMinder sechkey v12.81.0.1912 - Changes the encryption key for various programs

 

Environment:

 

PIM:12.8SP1

OS: RedHat Linux 7.x

 

Cause:

 

When PIM install CAPKI component, it retrieve MAC address of the server using ifconfig and store it in SERIAL of <PIMInstallDir>/data/crypto/sub_cert_info file.

From Redhat 7.x ifconfig command result changed cause PIM cannot retrieve MAC address of the server and result in Empty or NULL serial number.

Below is the difference in Redhat 6.x and 7.x.

RedHat 6.x:

eth0      Link encap:Ethernet  HWaddr 00:50:56:9B:6D:CF

          inet addr:10.131.115.214  Bcast:10.131.115.255  Mask:255.255.254.0

          inet6 addr: dc00:7a06:a114:1:250:56ff:fe9b:6dcf/64 Scope:Global

          inet6 addr: fe80::250:56ff:fe9b:6dcf/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:15975521 errors:0 dropped:0 overruns:0 frame:0

          TX packets:565399 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:1593809157 (1.4 GiB)  TX bytes:4071000110 (3.7 GiB)

 

RedHat 7.x:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.2.225  netmask 255.255.255.0  broadcast 192.168.2.255

        inet6 fe80::250:56ff:fe23:1f75  prefixlen 64  scopeid 0x20<link>

       ether 00:50:56:23:1f:75  txqueuelen 1000  (Ethernet)

        RX packets 52531  bytes 4313664 (4.1 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 19895  bytes 10742337 (10.2 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

Resolution:

 

To mitigate this problem T540336 fix need to be applied.

Follow below instruction to apply the fix.

1. Unpack the test fix in a temporary directory.

   zcat T540336.tar.Z | tar xvf -

2. Unpack rhel7key.tgz

   tar -zxvf rhel7key

3. Apply the fix.

   ./uxpatcher patcher.ini

 

Note:  Customer need to engage with CA support to get Test fix and fix will be included in future release.

 

 

 

 

Environment

Release: ACP1M005900-12.8-Privileged Identity Manager
Component: