You must insert certificates into the Sentinel FIPS keystore database to establish secure (SSL) communications from the components that own those certificates to Sentinel. You cannot upload certificates by using the Sentinel user interface when FIPS 140-2 mode is enabled. You must manually import the certificates into the FIPS keystore database.
For event sources that are using Connectors deployed to a remote Collector Manager, you must import the certificates to the FIPS keystore database of the remote Collector Manager rather than the central Sentinel server.
To import certificates to the FIPS Keystore Database:
Copy the certificate file to any temporary location on the Sentinel server or remote Collector Manager.
Browse to the Sentinel bin directory. The default location is /opt/novell/sentinel/bin.
Run the following command to import the certificate into the FIPS keystore database, and then follow the on-screen instructions:.
./convert_to_fips.sh -i <certificate file path>
Enter yes or y when prompted to restart the Sentinel server or remote Collector Manager.