Issue: If FIPS mode is enabled on the Change Guardian server and the server is restarted, the server logs the following error message:
"An unexpected exception occurred while decrypting data failed. Root cause: CKR_ENCRYPTED_DATA_INVALID (sun.security.pkcs11.wrapper.PKCS11Exception) java.security.ProviderException: doFinal() failed"
(Bug 1129167)
Workaround: You can ignore the exception.
Issue: When you create or modify an LDAP connection (CONFIGURATION > LDAP Connections) in FIPS mode, and specify a previously uploaded SSL certificate, the LDAP Configuration page displays an error: “File already exists.” (Defect 310249)
Workaround: Delete the certificate manually and create the LDAP connection.
To delete the certificate:
1. List the certificates:
   certutil -L -d sql:/etc/opt/novell/sentinel/3rdparty/nss/
2. Delete the SSL certificate:
   certutil -d sql:/etc/opt/novell/sentinel/3rdparty/nss/ -D -n <certificate nickname>
Issue: In the Configuration tab, if the User Container check box is selected when you add an LDAP connection, the AD accounts functionality fails in FIPS 140-2 mode. (Defect 633066)
Workaround: Make sure you do not select the User Container Details check box.