Issue is reproduced on RHEL 6.8 test server {Dated: 04/12/2017}. Initially, FIPS mode is disabled
cat /proc/sys/crypto/fips_enabled
0
then enabled FIPS
cat /proc/sys/crypto/fips_enabled
1
Rebooted the server. After the agent restart, below messages are repeated in /var/log/waagent.log
2017/04/12 20:45:37.445520 ERROR run cmd '/usr/bin/openssl cms -decrypt -in /var/lib/waagent/Certificates.p7m -inkey /var/lib/waagent/TransportPrivate.pem -recip /var/lib/waagent/TransportCert.pem | /usr/bin/openssl pkcs12 -nodes -password pass: -out /var/lib/waagent/Certificates.pem' failed
2017/04/12 20:45:37.487112 ERROR Error Code:1
2017/04/12 20:45:37.493113 ERROR Result:MAC verified OK
Error outputting keys and certificates
140499593189192:error:060740A0:digital envelope routines:EVP_PBE_CipherInit:unknown cipher:evp_pbe.c:186:
140499593189192:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83:
140499593189192:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:130:
Issue is reproduced on RHEL 6.8 test server {Dated: 04/12/2017}. Initially, FIPS mode is disabled
then enabled FIPS
Rebooted the server. After the agent restart, below messages are repeated in /var/log/waagent.log
2017/04/12 20:45:37.445520 ERROR run cmd '/usr/bin/openssl cms -decrypt -in /var/lib/waagent/Certificates.p7m -inkey /var/lib/waagent/TransportPrivate.pem -recip /var/lib/waagent/TransportCert.pem | /usr/bin/openssl pkcs12 -nodes -password pass: -out /var/lib/waagent/Certificates.pem' failed
2017/04/12 20:45:37.487112 ERROR Error Code:1
2017/04/12 20:45:37.493113 ERROR Result:MAC verified OK
Error outputting keys and certificates
140499593189192:error:060740A0:digital envelope routines:EVP_PBE_CipherInit:unknown cipher:evp_pbe.c:186:
140499593189192:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83:
140499593189192:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:130: