
Unable to import certificate on OL8.5 UEK6 server running in VMware

jtaylor_75 Mar 29 2022

Having an issue importing a cert using mokutil on an OL8.5 UEK6 instance (kernel 5.4.17-2136.305.5.3.el8uek.x86_6) running in VMware ESXi, 7.0.2, 17867351.
We run
# sudo mokutil --import <cert file>
# Reboot
Mokutil import utility starts, cert appears to import. After reboot, the cert shows when running 'mokutil --list-enrolled' but does not show as being loaded in the dmesg log or in /proc/keys.
We have a virtually identical instance running on Hyper-V, same kernel and all, that is not having this issue. We are able to import the cert on the instance running in Hyper-V and it shows in /proc/keys. Thinking the issue may be specific to VMware, but we're not sure how? We have tried with secure boot off and on and still have the same issue. This is a public code signing cert for CrowdStrike Falcon Endpoint Protection that we are trying to import. We're reaching out to vendors as well but so far no one has had a solution. Thought I would try here to see if anyone else has seen this?
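
The symptom described above (a certificate present in `mokutil --list-enrolled` but absent from /proc/keys) can be checked per certificate by matching Subject Key Identifiers. The following is an added example, not part of the original post: the function names and all sample data are constructed, and it assumes the kernel lists a loaded X.509 key in /proc/keys as "<subject>: <SKID hex>".

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# Read `mokutil --list-enrolled` text on stdin; print each certificate's
# X509v3 Subject Key Identifier as lowercase hex without colons.
mok_skids() {
    awk '/X509v3 Subject Key Identifier/ {
             if ((getline line) > 0) { gsub(/[^0-9A-Fa-f]/, "", line); print tolower(line) }
         }'
}

# $1: file with mokutil output, $2: file with /proc/keys content.
# Assumption: a loaded X.509 key appears on an "asymmetri" line whose
# description ends in the SKID hex. Certificates without a SKID extension
# are not covered by this check.
compare_mok_to_keyring() {
    mok_skids < "$1" | while read -r skid; do
        if grep 'asymmetri' "$2" | grep -qiF "$skid"; then
            echo "LOADED  $skid"
        else
            echo "MISSING $skid"
        fi
    done
}

# Constructed sample: two enrolled certificates, only the first in the keyring.
demo() {
    mok=$(mktemp) keys=$(mktemp)
    cat > "$mok" <<'EOF'
[key 1]
        Subject: CN=Example Distro Signing Key
            X509v3 Subject Key Identifier:
                AA:BB:CC:DD:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10
[key 2]
        Subject: CN=Example Vendor Module Signing
            X509v3 Subject Key Identifier:
                11:22:33:44:55:66:77:88:99:00:AB:CD:EF:01:23:45:67:89:AB:CD
EOF
    cat > "$keys" <<'EOF'
1a2b3c4d I------     1 perm 1f010000     0     0 asymmetri Example Distro Signing Key: aabbccdd0102030405060708090a0b0c0d0e0f10: X509.rsa 0d0e0f10 []
2b3c4d5e I------     1 perm 1f0b0000     0     0 keyring   .platform: 1
EOF
    compare_mok_to_keyring "$mok" "$keys"
    rm -f "$mok" "$keys"
}
```

On a live system, save the output of `mokutil --list-enrolled` to a file and pass it with /proc/keys (read as root) to `compare_mok_to_keyring`; running the same comparison on the VMware and Hyper-V guests shows exactly which enrolled certificate the kernel did not load.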
