This section describes how to configure Sentinel integration when Sentinel, Secure Configuration Manager, or both are in FIPS mode.
For information about FIPS mode configuration in Sentinel, see the Sentinel Documentation.
By default, FIPS mode enabled Sentinel uses a NSS provider. To connect to the Secure Configuration Manager server, you need to add the Secure Configuration Manager server certificate to Sentinel's NSS truststore.
To add the Secure Configuration Manager server certificate to Sentinel's NSS truststore:
Export the Secure Configuration Manager certificate to Sentinel NSS truststore from vtls.keystore using keytool.
Import the Secure Configuration Manager certificate to FIPS mode enabled Sentinel.
When Secure Configuration Manager is in FIPS mode, it uses a NSS provider. You need to import the Sentinel certificate to the Secure Configuration Manager NSS database.
To export a Sentinel Server certificate and import it to the Secure Configuration Manager Server:
Export the Sentinel web server certificate.
Import the certificate to the Secure Configuration Manager server.
If Sentinel and Secure Configuration Manager are both in FIPS mode, each uses a NSS provider. You need to import each application’s certificate into the other application’s NSS Keystore.
To import the Secure Configuration Manager certificate to Sentinel:
Export the certificate from the Secure Configuration Manager NSS Store.
Enter Password or PIN for the NSS FIPS Certificate DB. You can also specify it in the nss/keystore/password field in the Advanced tab of the Core Services Configuration Utility.
Import the certificate to the Sentinel server.
Set the trust flags.
To import the Sentinel certificate to Secure Configuration Manager:
Export the certificate from the Sentinel NSS Store.
Import the certificate to Secure Configuration Manager.
Set the certificate flag.