Cisco Cisco Web Security Appliance S170 User Guide
Chapter 5: FIPS Management
Using the fipsconfig CLI Command
AsyncOS for Web includes the fipsconfig CLI command to perform the following tasks:
• Initialize the HSM card.
• Read the HSM card status.
• Configure the certificate and key to access the appliance web interface.
• Configure multiple HSM cards to use the same master key.
When you enter fipsconfig at the command line, the CLI prompts you to enter the FIPS Officer password. For more information, see “Working with the FIPS Officer Password” on page 72.
Table 5-1 describes the fipsconfig subcommands.
Table 5-1 fipsconfig Subcommands

| fipsconfig Subcommand | Description |
|---|---|
| init | Initializes the card and reboots the Web Security appliance. For more information, see “Initializing the HSM Card” on page 70. Note: Some SSH clients automatically lose the SSH connection when the HSM initializes or when the wrong password is entered 3 times. In this case, the administrator must manually reboot the appliance by powering off and on. |
| getinfo | Displays the HSM card status. |
| certconfig | Allows you to configure the security certificate and key to access the Web Security appliance web interface using HTTPS. This command works similarly to the certconfig CLI command. For more information on using certconfig Certificates to the Web Security Appliance” on page 535. For more information about the requirements involved with uploading a certificate for web interface access, see “Installing a Server Digital Certificate” on page 534. Note: The certificate you upload must be a server certificate, not a root certificate. |
| clonetarget | Clones the HSM card as a target when copying the master key among multiple HSM cards. For more information, see “Working with Multiple HSM Cards” on page 83. |