On 12/17/2012 12:32 PM, Jerry Blasdel wrote: > All, > > We are trying to get a FIPS enabled Apache 2.4.3 built with OpenSSL 1.01. > > Everything appeared to build correctly but when we try to start Apache > with SSLFIPS on directive we get the following error: > > ... > Library Error: error:2D06B06F:FIPS > routines:FIPS_check_incore_fingerprint:fingerprint does not match > [Mon Dec 17 17:23:13.134150 2012] [ssl:emerg] [pid 10703:tid 1] AH02312: > Fatal error initialising mod_ssl, exiting. > /WWW/apache2/apache/logs > > What could be the cause of this error?
There are a multitude of ways the special FIPS module link could fail. But, I suspect your problem probably has nothing to do with Apache httpd. Absent some very unusual circumstances any system that is running httpd should be using shared OpenSSL libraries, which means it is your "FIPS capable" OpenSSL that was not built correctly. Have you tried following the examples of building "FIPS capable" OpenSSL libraries in the User Guide? -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
