Cisco Cisco Web Security Appliance S170 Guia Do Utilizador

U S I N G T H E F I P S C O N F I G C L I C O M M A N D

C H A P T E R 5 : F I P S M A N A G E M E N T

U S I N G T H E F I P S C O N F I G C L I C O M M A N D

AsyncOS for Web includes the

fipsconfig

CLI command to perform the following tasks:

• Initialize the HSM card.

• Read the HSM card status.

• Configure the certificate and key to access the appliance web interface.

• Configure multiple HSM cards to use the same master key.

When you enter

fipsconfig

at the command line, the CLI prompts you to enter the FIPS

Officer password. For more information, see “Working with the FIPS Officer Password” on
page 72.

Table 5-1 describes the

fipsconfig

subcommands.

Table 5-1 fipsconfig Subcommands

fipsconfig Subcommand

Description

init

Initializes the card and reboots the Web Security appliance.
For more information, see “Initializing the HSM Card” on page 70.
Note: Some SSH clients automatically lose the SSH connection when
the HSM initializes or when the wrong password is entered 3 times. In
this case, the administrator must manually reboot the appliance by
powering off and on.

getinfo

Displays the HSM card status.

certconfig

Allows you to configure the security certificate and key to access the
Web Security appliance web interface using HTTPS.

This command works similarly to the

certconfig

CLI command.

For more information on using

certconfig

, see “Uploading

Certificates to the Web Security Appliance” on page 535. For more
information about the requirements involved with uploading a
certificate for web interface access, see “Installing a Server Digital
Certificate” on page 534.
Note: The certificate you upload must be a server certificate, not a root
certificate.

clonetarget

Clones the HSM card as a target when copying the master key among
multiple HSM cards.
For more information, see “Working with Multiple HSM Cards” on
page 83.