Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 5 FIPS Management
Backing up Certificates and Keys
To back up the certificates and keys the HSM card manages:
Step 1  From the FIPS management console, click Edit Settings in the Key Management section.
        The Edit Key Management Settings page displays.
Step 2  Scroll down to the Backup Certificates and Keys section, and choose the file name to use for the XML file that will contain the encrypted certificate and key pairs. You can define your own file name or AsyncOS for Web can choose one for you.
Step 3  Click Backup.
Step 4  Choose to save the file, and click OK.
Step 5  Navigate to the directory on the local machine where you want to save the XML file, and click Save.
Restoring Certificates and Keys
When you back up the certificates and keys the HSM card manages, the keys are encrypted. Because the keys are encrypted, they can only be restored on a different FIPS-compliant Web Security appliance if the master key on the other appliance is the same as the one from which the certificates and keys were backed up. Note that when the HSM card gets initialized, its master key changes. For more information on copying the master key between appliances, see
To restore a certificate and key pair stored in an XML file:
Step 1  From the FIPS management console, click Edit Settings in the Key Management section.
        The Edit Key Management Settings page displays.
Step 2  Scroll down to the Restore Certificates and Keys section, and click Browse.
Step 3  Navigate to the directory on the local machine where the XML file resides, and click Open.
Step 4  Click the check boxes for the certificate and key pairs you want to restore.
Step 5  Click Restore.
Using the fipsconfig CLI Command
AsyncOS for Web includes the fipsconfig CLI command to perform the following tasks:
  • Initialize the HSM card.
  • Read the HSM card status.
  • Configure the certificate and key to access the appliance web interface.
  • Configure multiple HSM cards to use the same master key.
When you enter fipsconfig at the command line, the CLI prompts you to enter the FIPS Officer password. For more information, see .