Starting from Sentinel 8.6.1, the communication between OpenSearch and Sentinel is secured, hence OpenSearch certificate needs to be added in the FIPS keystore of the Sentinel server and Remote Collector Managers (RCM).
If Event Visualization is enabled, perform the following steps:
Add the internal OpenSearch certificate generated during the Sentinel installation to the Sentinel server's FIPS keystore using the following command:
./convert_to_fips.sh -i <sentinel_installation_path>/opt/novell/sentinel/3rdparty/opensearch/config/certs/<certificate_name>.pem
Where <certificate_name> has following values:
root_ca
admin
node0
client
Copy the internal OpenSearch certificates
(<sentinel_installation_path>/opt/novell/sentinel/3rdparty/opensearch/config/certs <certificate_name>.pem)
to all the RCMs and import them in the FIPS keystore using the below command:
./convert_to_fips.sh -i <path of the certificate copied above>/<certificate_name>.pem