ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CAPKI install unsuccessful on RedHat 7.x server


Article ID: 40253


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)




When install PIM 12.8SP1 on RedHat 7.x server CAKPI component will generate following error:

CA ControlMinder sechkey v12.81.0.1912 - internal key changer 

Copyright (c) 2013 CA. All rights reserved. 

Failed with error code 0x2a023 

ETPKI error stack: 

- Empty or NULL serial number 

CA ControlMinder sechkey v12.81.0.1912 - Changes the encryption key for various programs





OS: RedHat Linux 7.x




When PIM install CAPKI component, it retrieve MAC address of the server using ifconfig and store it in SERIAL of <PIMInstallDir>/data/crypto/sub_cert_info file.

From Redhat 7.x ifconfig command result changed cause PIM cannot retrieve MAC address of the server and result in Empty or NULL serial number.

Below is the difference in Redhat 6.x and 7.x.

RedHat 6.x:

eth0      Link encap:Ethernet  HWaddr 00:50:56:9B:6D:CF

          inet addr:  Bcast:  Mask:

          inet6 addr: dc00:7a06:a114:1:250:56ff:fe9b:6dcf/64 Scope:Global

          inet6 addr: fe80::250:56ff:fe9b:6dcf/64 Scope:Link


          RX packets:15975521 errors:0 dropped:0 overruns:0 frame:0

          TX packets:565399 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:1593809157 (1.4 GiB)  TX bytes:4071000110 (3.7 GiB)


RedHat 7.x:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet  netmask  broadcast

        inet6 fe80::250:56ff:fe23:1f75  prefixlen 64  scopeid 0x20<link>

       ether 00:50:56:23:1f:75  txqueuelen 1000  (Ethernet)

        RX packets 52531  bytes 4313664 (4.1 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 19895  bytes 10742337 (10.2 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0




To mitigate this problem T540336 fix need to be applied.

Follow below instruction to apply the fix.

1. Unpack the test fix in a temporary directory.

   zcat T540336.tar.Z | tar xvf -

2. Unpack rhel7key.tgz

   tar -zxvf rhel7key

3. Apply the fix.

   ./uxpatcher patcher.ini


Note:  Customer need to engage with CA support to get Test fix and fix will be included in future release.






Release: ACP1M005900-12.8-Privileged Identity Manager