22.3 Enabling FIPS 140-2 Mode on Remote Collector Managers and Correlation Engines

You must enable FIPS 140-2 mode on the remote Collector Manager and Correlation Engine if you want to use FIPS-approved communications with the Sentinel server running in FIPS 140-2 mode.

To enable a remote Collector Manager or Correlation Engine to run in FIPS 140-2 mode:

  1. Navigate to <sentinel_installation_path>/opt/novell/sentinel/3rdparty/opensearch/config/certs/ on the Sentinel server.

  2. Copy the node.pem, client.pem, root-ca.pem, and admin.pem certificate files to all the RCMs.

  3. Log in to the remote Collector Manager or Correlation Engine system.

  4. Switch to the novell user:

    su novell

  5. Navigate to the bin directory. The default location is /opt/novell/sentinel/bin.

  6. Run the convert_to_fips.sh script and follow the on-screen instructions.

    When prompted for the external certificate, provide the path of each OpenSearch certificate as <path of the certificate copied above>/<certificate_name>.pem.

    Where <certificate_name> is one of the following values:

    • root-ca

    • admin

    • node

    • client

    NOTE: For each external certificate prompt, add the above certificates one at a time, each with its respective path.

    For example:

    <path of the certificate copied above>/root-ca.pem

    Provide a unique alias name for this certificate when prompted. Repeat this step to add all four certificates one by one, providing a unique alias name for each when prompted.

  7. Restart the Collector Manager or Correlation Engine.

  8. Complete the FIPS 140-2 mode configuration by following the tasks mentioned in Section 23.0, Operating Sentinel in FIPS 140-2 Mode.
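
A pre-flight check for steps 2 and 6, added here as an example and not part of the Sentinel documentation or its scripts: it confirms that the four copied files are present, readable by the current user, and PEM-encoded, and prints a SHA-256 digest for each so the copies can be compared with the originals on the Sentinel server before they are imported. The function name check_opensearch_certs is hypothetical, and the script assumes the files are PEM-encoded X.509 certificates, as the steps above describe them.

```shell
#!/bin/sh
# Added example (not shipped with Sentinel).
# Verifies the OpenSearch certificate files copied in step 2 before they are
# supplied to convert_to_fips.sh in step 6.
# Usage: sh check_certs.sh <path of the certificate copied above>

# Certificate names from the list in step 6.
CERT_NAMES="root-ca admin node client"

# check_opensearch_certs DIR
# Prints one line per file and returns the number of problems found
# (0 means all four files are ready to import).
check_opensearch_certs() {
    dir=$1
    problems=0
    for name in $CERT_NAMES; do
        f="$dir/$name.pem"
        if [ ! -r "$f" ] || [ ! -s "$f" ]; then
            # Missing, empty, or not readable by the user running the check
            # (run it as the novell user, as in step 4).
            echo "MISSING  $f" >&2
            problems=$((problems + 1))
        elif ! grep -qF -- '-----BEGIN CERTIFICATE-----' "$f"; then
            # Truncated copy, wrong file, or a non-PEM encoding.
            echo "NOT PEM  $f" >&2
            problems=$((problems + 1))
        else
            # Digest to compare with the same file on the Sentinel server.
            echo "OK       $(sha256sum "$f")"
        fi
    done
    return "$problems"
}

# Run the check when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_opensearch_certs "$1"
fi
```

Run the same check in the certs directory on the Sentinel server and compare the digests line by line; a mismatch means the file changed in transit and should be copied again before running convert_to_fips.sh.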