Enabling FIPS causes insights-client to fail, cannot update
When I enable FIPS using the playbook or fips-mode-setup --enable
I begin to get SSL errors on both insights-client
and system updates with yum
or dnf
.
Is there a missing step to refresh certificates?
Or is it possible that insights, and dnf, use SSL certificates that are not FIPS compatible?
EXAMPLE ERROR:
DEBUG insights.client.collection_rules STDOUT: b'gpg: out of core handler ignored in FIPS mode\ngpg: Signature made Mon Jun 19 05:20:00 2023 PDT\ngpg: using RSA key 7514F77D8366B0D9\ngpg: Good signature from "Red Hat, Inc. (tools key) secalert@redhat.com" [unknown]\ngpg: WARNING: This key is not certified with a trusted signature!\ngpg: There is no indication that the signature belongs to the owner.\nPrimary key fingerprint: 8B12 20FC 564E 9583 2002 05FF 7514 F77D 8366 B0D9\n'