Cannot convert Sentinel to FIPS mode due to an issue with Mozilla NSS

  • 7022883
  • 24-Apr-2018
  • 14-May-2018

Environment

Sentinel

Situation

If you try to convert Sentinel (Server, RCM or RCE) to FIPS mode either during installation or post installation, an issue with the Mozilla NSS packages that are provided by the SLES 12 operating system prevent the conversion from being completed successfully. The conversion stops at the prompt for the FIPS keystore database password even though the specified password meets the expected criteria.

Resolution

To convert Sentinel to FIPS mode, perform the following steps:

1. Log in to Sentinel Server, RCM, or RCE as the root user.

2. Launch  YaST software manager by running the following command:

yast sw_single

3. Search for the following packages and install or upgrade to the latest version:

mozilla-nss-tools 

libfreebl3-hmac 

libsoftokn3-hmac 

4. Clean up the artifacts from the previous FIPS conversion attempts by running the following commands:

rm -rf /etc/opt/novell/sentinel/3rdparty/nss

rm /etc/opt/novell/sentinel/3rdparty/newpwfile

5. Retry FIPS conversion.

Cause

This is caused by an issue with the NSS packages used for the FIPS implementation in Sentinel.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.