Environment
Sentinel
Situation
If you try to convert Sentinel (Server, RCM or RCE) to FIPS mode either during installation or post installation, an issue with the Mozilla NSS packages that are provided by the SLES 12 operating system prevent the conversion from being completed successfully. The conversion stops at the prompt for the FIPS keystore database password even though the specified password meets the expected criteria.
Resolution
To convert Sentinel to FIPS mode, perform the following steps:
1. Log in to Sentinel Server, RCM, or RCE as the root user.2. Launch YaST software manager by running the following command:
yast sw_single
3. Search for the following packages and install or upgrade to the latest version:
mozilla-nss-toolslibfreebl3-hmaclibsoftokn3-hmac
4. Clean up the artifacts from the previous FIPS conversion attempts by running the following commands:
rm -rf /etc/opt/novell/sentinel/3rdparty/nss
rm /etc/opt/novell/sentinel/3rdparty/newpwfile
5. Retry FIPS conversion.
Cause
This is caused by an issue with the NSS packages used for the FIPS implementation in Sentinel.