Guest

Preview Tool

Cisco Bug: CSCvt39272 - Unable to extract ITLRecovery.p12 in FIPS mode

Last Modified

Aug 24, 2020

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.5(2.10000.5) 11.5(1.10000.6) 11.5(1.18900.66) 12.0 12.0(1.10000.10) 12.5(1.10000.22) 12.5(1.13900.48) 14.0

Description (partial)

Symptom:
Unable to extract the ITLRecovery.p12 in FIPS mode

Conditions:
Enable FIPS mode and try to extract ITLRecovery.p12 file using the below command
sudo /usr/local/platform/bin/openssl pkcs12 -in /usr/local/cm/tftp/ITLRecovery.p12  -out /usr/local/platform/.security/ITLRecovery/certs/ITLRecovery.pem   -nokeys -password pass:<password>.
Will get the below error
4144142020:error:060A60A3:digital envelope routines:FIPS_CIPHERINIT:disabled for fips:fips_enc.c:143:
4144142020:error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure:evp_pbe.c:197:
4144142020:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:87:
4144142020:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:139:
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.