22.3 Enabling FIPS 140-2 Mode on Remote Collector Managers and Correlation Engines

You must enable FIPS 140-2 mode on the remote Collector Manager and Correlation Engine if you want to use FIPS-approved communications with the Sentinel server running in FIPS 140-2 mode.

To enable a remote Collector Manager or Correlation Engine to run in FIPS 140-2 mode:

  1. Log in to the remote Collector Manager or Correlation Engine system.

  2. Switch to the novell user:

    su novell

  3. Browse to the bin directory. The default location is /opt/novell/sentinel/bin.

  4. Run the convert_to_fips.sh script and follow the on-screen instructions.

    Copy the internal Elasticsearch HTTP certificate generated during the Sentinel installation (<sentinel_installation_path>/opt/novell/sentinel/3rdparty/elasticsearch/config/http.pks on the Sentinel server) to this system. When the script prompts for the external certificate, enter the path of the copied certificate: <path of the certificate copied above>/<certificate name>.

    (Conditional) If Elasticsearch is in cluster mode, copy the HTTP certificates of all the external Elasticsearch nodes, created in the section Settings in Elasticsearch for Secure Cluster Communication, to the remote Collector Manager. When the script prompts for the external certificate, enter the path of a copied certificate: <path of the certificates copied above>/<certificates name>. Repeat this step until all the external Elasticsearch certificates are added.

  5. Restart the Collector Manager or Correlation Engine.

  6. Complete the FIPS 140-2 mode configuration by following the tasks mentioned in Section 23.0, Operating Sentinel in FIPS 140-2 Mode.
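
The following check is an added example, not part of the Sentinel documentation or product. It can be run after the certificates in step 4 are copied and before convert_to_fips.sh prompts for them, to confirm that every Elasticsearch HTTP certificate (one in the single-node case, several in cluster mode) arrived intact. The helper name check_copied_certs, the manifest file (assumed to be `sha256sum` output produced on the host each certificate was copied from) and the demo file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of Sentinel: confirm that the Elasticsearch HTTP
# certificates copied to this host are intact before convert_to_fips.sh
# prompts for them. Assumed manifest: one line per certificate, as printed
# by `sha256sum <file>` on the host the certificate was copied from.

# check_copied_certs MANIFEST CERT_DIR   (hypothetical helper name)
# Prints one status line per certificate. Returns 0 only if at least one
# certificate is listed and every one is present, readable and unmodified.
check_copied_certs() {
    manifest=$1 cert_dir=$2 failures=0 checked=0
    [ -r "$manifest" ] || { echo "manifest not readable: $manifest" >&2; return 2; }
    # `|| [ -n "$expected" ]` keeps a final line that lacks a newline.
    while read -r expected name || [ -n "$expected" ]; do
        case $expected in ''|'#'*) continue ;; esac   # blank line or comment
        name=${name#\*}     # sha256sum marks binary mode with a leading '*'
        name=${name##*/}    # ignore the directory used on the source host
        file=$cert_dir/$name
        checked=$((checked + 1))
        if [ ! -s "$file" ]; then          # absent or zero-length
            echo "MISSING    $name"
        elif [ ! -r "$file" ]; then        # e.g. not readable by novell
            echo "UNREADABLE $name"
        elif [ "$(sha256sum "$file" | cut -d' ' -f1)" != "$expected" ]; then
            echo "MISMATCH   $name"
        else
            echo "OK         $file"
            continue
        fi
        failures=$((failures + 1))
    done < "$manifest"
    echo "$checked listed, $failures failed"
    [ "$checked" -gt 0 ] && [ "$failures" -eq 0 ]
}

# Demo on constructed placeholder files (not real certificates).
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed-node1' > "$d/node1-http.pks"
    printf 'constructed-node2' > "$d/node2-http.pks"
    ( cd "$d" && sha256sum node1-http.pks node2-http.pks ) > "$d/manifest"
    check_copied_certs "$d/manifest" "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# With two arguments, check real files; with none, run the demo.
if [ "$#" -eq 2 ]; then check_copied_certs "$1" "$2"; else demo; fi
```

Run it as the novell user so that the readability check reflects the account that convert_to_fips.sh runs under.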