Cannot convert Sentinel to FIPS mode due to an issue with Mozilla NSS

  • 7022883
  • 24-Apr-2018
  • 14-May-2018




If you try to convert Sentinel (Server, RCM or RCE) to FIPS mode either during installation or post installation, an issue with the Mozilla NSS packages that are provided by the SLES 12 operating system prevent the conversion from being completed successfully. The conversion stops at the prompt for the FIPS keystore database password even though the specified password meets the expected criteria.


To convert Sentinel to FIPS mode, perform the following steps:

1. Log in to Sentinel Server, RCM, or RCE as the root user.

2. Launch  YaST software manager by running the following command:

yast sw_single

3. Search for the following packages and install or upgrade to the latest version:




4. Clean up the artifacts from the previous FIPS conversion attempts by running the following commands:

rm -rf /etc/opt/novell/sentinel/3rdparty/nss

rm /etc/opt/novell/sentinel/3rdparty/newpwfile

5. Retry FIPS conversion.


This is caused by an issue with the NSS packages used for the FIPS implementation in Sentinel.