Cisco Email Security Appliance C650 User Guide
Cisco AsyncOS 9.1 for Email User Guide
Chapter 27 FIPS Management
Procedure
mail.example.com> fipsconfig
FIPS mode is currently enabled.
Choose the operation you want to perform:
- SETUP - Configure FIPS mode.
- FIPSCHECK - Check for FIPS mode compliance.
[]> setup
To finalize FIPS mode, the appliance will reboot immediately. No commit will be required.
Are you sure you want to disable FIPS mode and reboot now ? [N]> n
Do you want to enable encryption of sensitive data in configuration file when FIPS mode is
enabled? Changing the value will result in system reboot [N]> y
Enter the number of seconds to wait before forcibly closing connections.
[30]>
System rebooting. Please wait while the queue is being closed...
Closing CLI connection.
Rebooting the system...
Checking FIPS Mode Compliance
Use the fipsconfig command to check if your appliance contains any non-FIPS-compliant objects.
Procedure
mail.example.com> fipsconfig
FIPS mode is currently disabled.
Choose the operation you want to perform:
- SETUP - Configure FIPS mode.
- FIPSCHECK - Check for FIPS mode compliance.
[]> fipscheck
All objects in the current configuration are FIPS compliant.
FIPS mode is currently disabled.
Managing Certificates and Keys
AsyncOS allows you to encrypt communications between the appliance and external machines by using
a certificate and private key pair. You can upload an existing certificate and key pair, generate a
self-signed certificate, or generate a Certificate Signing Request (CSR) to submit to a certificate
authority to obtain a public certificate. The certificate authority will return a trusted public certificate,
signed with the authority's private key, that you can then upload onto the appliance.
When the appliance is in FIPS mode, you can continue to
The appliance’s FIPS mode adds a number of restrictions to the certificates that the appliance uses in
order for the appliance to be FIPS compliant. Certificates must use one of the following signature
algorithms: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.