Cisco Cisco Email Security Appliance C170 Referências técnicas
78
C I S C O I R O N P O R T A S Y N C O S 7 . 3 C L I R E F E R E N C E G U I D E
fipsconfig
Description
The
fipsconfig
command configures the Hardware Security Module (HSM) card and the
Federal Information Processing Standard (FIPS) settings for C670 Email Security appliances
with an HSM card. When you enter
with an HSM card. When you enter
fipsconfig
at the command line, the CLI prompts you
to enter the FIPS Officer password. The default password is
sopin123
.
The fipsconfig command allows you to perform the following:
•
init
- Initializes the HSM card and reboots the appliance.
•
getinfo
- Displays the HSM card status.
•
certconfig
- Configures the certificates and keys for services on the Email Security
appliance. This is similar to the
certconfig
command. See “certconfig” on page 64 for
more information.
•
domainkeysconfig
- Configures keys for DKIM and DomainKeys signing. This is similar
to the domainkeysconfig command. See “domainkeysconfig” on page 43 for more
information.
information.
•
clonetarget
- Clones the HSM card as a target when copying the master key among
multiple HSM cards.
•
clonesource
- Clones the HSM card as a source when copying the master key among
multiple HSM cards.
•
passwd
- Changes the FIPS password.
•
backup
and
restore
- Backs up and restores critical security parameters.
Note — This command is not available on appliances that do not have an HSM card. Only
administrators with the FIPS officer password can use the command. The HSM card will be
reset if you enter the incorrect FIPS Officer password three times.
administrators with the FIPS officer password can use the command. The HSM card will be
reset if you enter the incorrect FIPS Officer password three times.
Usage
Commit: This command does not require ‘commit’.
Cluster Management: This command is available only at the machine level.
Batch Command: This command does not support a batch format.
Example
The following example shows how to display the HSM card status.
Code Example 3-42 fipsconfig
c670q03.qa> fipsconfig
WARNING: Entering wrong password for Crypto Officer three times will
erase all critical information on the HSM card.
Enter the Crypto Officer password: