FIPS enabled RHEL 9 system fails to upload OpenSCAP report to Red Hat Satellite 6 with an error "Unable to load certs"

Solution Verified - Updated

Environment

  • Red Hat Satellite 6.11 and above
  • Red Hat Enterprise Linux 9

Issue

  • Unable to upload OpenSCAP report to the Red Hat Satellite 6 server after the scanning has been completed.

    Unable to load certs
Neither PUB key nor PRIV key

Resolution

Diagnostic Steps

  • Following error can be observed while uploading OpenSCAP report from FIPS enabled RHEL 9 system registered with Red Hat Satellite 6.11 and above:

       # /usr/bin/foreman_scap_client ds 2
   DEBUG: running: oscap xccdf eval  --profile xccdf_org.ssgproject.content_profile_cis  --results-arf /tmp/d20230207-13679-39jgxn/results.xml 
   /var/lib/openscap/content/5d420xxxxxxx.xml
   WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2' points out to the remote 
   'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2'. Use '--fetch-remote-resources' option to download it.
   WARNING: Skipping 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2' file which is referenced from datastream
   WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2 file which is referenced from XCCDF content
   DEBUG: running: /usr/bin/env bzip2 /tmp/d20230207-13679-39jgxn/results.xml
   Uploading results to https://satellite.example.com:9090/compliance/arf/2

   Unable to load certs
   Neither PUB key nor PRIV key
SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.