21.1 Enabling Mutual SSL Communication and Certificate Revocation List

To enable mutual SSL communication and CRL checking on the Sentinel server:

  1. Go to the <sentinel_installation_path>/opt/novell/sentinel/bin directory.

  2. Run the following command to switch to the novell user:

    su novell

  3. Run the following command as the novell user:

    ./createDefaultMutualCert.sh

  4. Enter the name of the CRL certificate, including the .p12 extension.

  5. Enter the Sentinel internal certificate password.

  6. The Sentinel server is restarted. You can find the newly created certificate at the following location:

    /etc/opt/novell/sentinel/config

  7. In Collector Manager and Correlation Engine, go to the following directory:

    <sentinel_installation_path>/opt/novell/sentinel/setup
  8. Run the following command and then follow the instructions to make Collector Manager and Correlation Engine compatible with the Sentinel server:

    ./configure.sh

    NOTE: If the Collector Manager and Correlation Engine are in CRL mode and cannot connect to the server, upgrade the cURL version on the machine to 7.60 or above.

  9. (Conditional) If the certificate is created through the script before converting the server into FIPS mode, then complete the following steps:

    1. Go to <sentinel_installation_path>/opt/novell/sentinel/bin/.

    2. Run the following command:

      ./convert_to_fips -i <sentinel_installation_path>/etc/opt/novell/sentinel/config/.nameofcrlcertificate.p12

    3. Restart Sentinel:

      systemctl restart sentinel.service 

      or

      <sentinel_installation_path>/opt/novell/sentinel/bin/server.sh restart 
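
The NOTE in step 8 ties CRL-mode connectivity to cURL 7.60 or above. The following pre-check is an added example, not part of the Sentinel scripts; it parses the first line of `curl --version` and compares it numerically against that minimum. The function names and the OK/UPGRADE/UNKNOWN verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check the cURL version on a Collector Manager or
# Correlation Engine host against the minimum named in the NOTE (7.60).
MIN_CURL="7.60"

# Extract the version from the first line of `curl --version` output,
# e.g. "curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 ..." -> 7.29.0
curl_version_from_banner() {
    printf '%s\n' "$1" | awk 'NR == 1 && $1 == "curl" { print $2 }'
}

# Return 0 if dotted version $1 >= $2. Fields are compared as numbers,
# so 7.9 is correctly treated as older than 7.60.
version_at_least() {
    awk -v have="$1" -v need="$2" 'BEGIN {
        n = split(have, h, "."); m = split(need, r, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            a = (i <= n) ? h[i] + 0 : 0
            b = (i <= m) ? r[i] + 0 : 0
            if (a > b) exit 0
            if (a < b) exit 1
        }
        exit 0
    }'
}

# Print a verdict for a given `curl --version` banner.
check_curl_banner() {
    ver=$(curl_version_from_banner "$1")
    if [ -z "$ver" ]; then
        echo "UNKNOWN"; return 2
    fi
    if version_at_least "$ver" "$MIN_CURL"; then
        echo "OK $ver"
    else
        echo "UPGRADE $ver"; return 1
    fi
}

# Run against the locally installed curl, if there is one.
if command -v curl >/dev/null 2>&1; then
    check_curl_banner "$(curl --version)" || true
fi
```

Run it on each Collector Manager and Correlation Engine host before running configure.sh; an UPGRADE verdict means the host is below the version the NOTE requires.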
