Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-7816: OpenSSL crashes with messages “unhandled signal 4” error

Authentication Service ,  

14 November,16 at 08:47 AM

Applies to: Centrify DirectControl Suite 2016 (5.3.0) or below

Question:

OpenSSL crashes with messages “unhandled signal 4” appears in /var/log/messages after installed Centrify onto the machine as shown below:
 
Mar 09 12:16:26 rkanshpc1ems adcert[15598]: WARN cli.adcert No certificate templates were found
Mar 09 12:16:27 rkanshpc1ems kernel: openssl[15859]: unhandled signal 4 at 00003fffb62b0000 nip 00003fffb62b0000 lr 00003fffb63a5564 code 30001
Mar 09 12:16:27 rkanshpc1ems kernel: openssl[15884]: unhandled signal 4 at 00003fff83f20000 nip 00003fff83f20000 lr 00003fff84015564 code 30001

Solution:

The issue appears to be in OpenSSL library, BN (BigNumber) functions. OpenSSL 0.9.8X has been EOL'd, therefore openssl.org will not fix this. While Centrify has been upgraded to OpenSSL 1.0.2g in Suite 2016.1. Therefore, performing an upgrade on Centrify agent to Suite 2016.1 or above should resolve the issue.
 
Workaround:

If upgrading is not an option, as Centrify will only triggers OpenSSL process from the following perl script:
 
/usr/share/centrifdc/sbin/get_crl.pl
/usr/share/centrifydc/mappers/machine/certgp.pl
/usr/share/centrifydc/mappers/machine/rhel_certgp.pl
 
Therefore, if auto-enrollment of certificates and Smart Card support are not being used by the machine, we will suggest disabling the adcert process with the following steps:
 
1) Run:
#cd /usr/share/centrifydc/mappers/machine
 
2) Disable the execution mode of the following script:
- certgp.pl
 
3) Run:
#adgpupdate
 
4) Check to see if the warning still appears
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-5767: Java VM Crashing with Centrify DirectAudit 3.2.2 (Enterprise Suite 2015) and lower version articleCentrify® Cloud 16.4 Release Notes article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part I article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part III articleKB-1806: Centrify DirectControl Console report crashes with COM exception errors article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part II articleKB-6041: How to show current license type in use by adclient articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-6040: How to change the license type in use after adclient successful joined to the AD?