On the active node:
Complete the steps mentioned in Enabling Sentinel Server to Run in FIPS 140-2 Mode section.
NOTE:Ensure that the required packages for FIPS are installed on all the nodes in HA. For more information about required packages for FIPS, see Installation Checklist
Run the following command to synchronize the configuration properties to all the passive nodes:
csync2 –x –v
Ensure that the folder is synchronized to all the passive nodes:
/etc/opt/novell/sentinel/3rdparty/nss
(Conditional) In case, if /etc/opt/novell/sentinel/3rdparty/nss folder is not synchronized, copy that folder manually from the active node to each of the passive nodes in the cluster:
scp –pr /etc/opt/novell/sentinel/3rdparty/nss <passivenode ip or passivenode name>:/etc/opt/novell/sentinel/3rdparty/
On the passive node:
Make sure that, the nss folder has permission of novell user on the passive node:
Log in to passive node.
Modify the ownership of the folder to novell user:
chown –R novell:novell /etc/opt/novell/sentinel/3rdparty/nss
Set proper permission to the folder:
chmod –R 600 /etc/opt/novell/sentinel/3rdparty/nss
Repeat Step 2a on all the passive nodes in the cluster.
Repeatedly execute the following command from the active node, to ensure that all the FIPS related files are updated on all the passive nodes:
csync2 –x –v