Raritan Computer DKX2-V2.3.5-0N-E User Manual

Chapter 9: Security Management 
 
 
 
 
Enabling FIPS 140-2 
For government and other high security environments, enabling FIPS 
140-2 mode may be desirable. The KX II uses an embedded FIPS 
140-2-validated cryptographic module running on a Linux® platform per 
FIPS 140-2 Implementation Guidance section G.5 guidelines. Once this 
mode is enabled, the private key used to generate the SSL certificates 
must be internally generated; it cannot be downloaded or exported.       
 
To enable FIPS 140-2: 
1.  Access the Security Settings page. 
2.  Enable FIPS 140-2 Mode by selecting the Enable FIPS 140-2 
checkbox in the Encryption & Share section of the Security Settings 
page. You will utilize FIPS 140-2 approved algorithms for external 
communications once in FIPS 140-2 mode. The FIPS cryptographic 
module is used for encryption of KVM session traffic consisting of 
video, keyboard, mouse, virtual media and smart card data. 
3.  Reboot the KX II. This step is required. 
Once FIPS mode is activated, 'FIPS Mode: Enabled' will be displayed 
in the Device Information section in the left panel of the screen. 
For additional security, you can also create a new Certificate Signing 
Request once FIPS mode is activated. This will be created using the 
required key ciphers. Upload the certificate after it is signed or create 
a self-signed certificate. The SSL Certificate status will be updated from 
'Not FIPS Mode Compliant' to 'FIPS Mode Compliant'. 
When FIPS mode is activated, key files cannot be downloaded or 
uploaded. The most recently created CSR will be associated 
internally with the key file. Further, the SSL Certificate from the CA 
and its private key are not included in the full restore of the 
backed-up file. The key cannot be exported from the KX II. 
 
FIPS 140-2 Support Requirements 
The KX II supports the use of FIPS 140-2 approved encryption 
algorithms. This allows an SSL server and client to successfully 
negotiate the cipher suite used for the encrypted session when a client is 
configured for FIPS 140-2 only mode. 
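A check an administrator might script after the reboot, as an added example that is not part of the Raritan manual: it flags cipher-suite names (offered or negotiated) that contain algorithms outside the FIPS-approved set. The deny-list, the function names, the host name and the sample cipher names are assumptions constructed for illustration; the validated module's security policy is authoritative.

```python
import re
import socket
import ssl

# Assumed deny-list of cipher-name tokens for algorithms that are not FIPS-approved
# (an illustration; the validated module's security policy is authoritative).
# "DES" also matches OpenSSL's DES-CBC3 (3DES) names: rejecting those too is a
# policy choice of this example.
NON_APPROVED = {"RC4", "MD5", "DES", "3DES", "NULL", "EXP", "EXPORT", "ADH",
                "AECDH", "ANON", "CHACHA20", "CAMELLIA", "SEED", "IDEA", "ARIA"}


def non_approved_tokens(cipher_name):
    """Return the non-approved algorithm tokens found in one cipher-suite name."""
    tokens = set(re.split(r"[-_]", cipher_name.upper()))
    return sorted(tokens & NON_APPROVED)


def audit(cipher_names):
    """Map each offending cipher-suite name to the tokens that disqualify it."""
    findings = {}
    for name in cipher_names:
        bad = non_approved_tokens(name)
        if bad:
            findings[name] = bad
    return findings


def negotiated_cipher(host, port=443, cafile=None, timeout=5):
    """Connect with certificate verification on; return the negotiated suite name."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.cipher()[0]


# Constructed sample names (OpenSSL and IANA spellings), not captured from a device.
SAMPLE = ["AES256-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "RC4-MD5",
          "TLS_RSA_WITH_RC4_128_SHA", "TLS_CHACHA20_POLY1305_SHA256"]

if __name__ == "__main__":
    for name, bad in audit(SAMPLE).items():
        print(f"{name}: not FIPS-approved ({', '.join(bad)})")
    # Live check (hypothetical host name and CA file):
    # print(audit([negotiated_cipher("kx2.example.internal", cafile="kx2-ca.pem")]))
```

An empty result from `audit` means no name matched the deny-list; it does not by itself prove the device is running in FIPS mode, which the 'FIPS Mode: Enabled' indicator reports.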
Following are the recommendations for using FIPS 140-2 with the KX II: 
KX II   
 
Set the Encryption & Share to Auto on the Security Settings page. 
See Encryption & Share. 
Microsoft Client