Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
1-5
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Chapter 1 FIPS Management
Cisco does not recommend using the IronPort Appliance FIPS Demo Certificate
for other services, such as message delivery and receiving.
for other services, such as message delivery and receiving.
When the HSM card is initialized and depending on the organization’s needs, the
FIPS Officer may upload different certificates and keys by performing any of the
following:
FIPS Officer may upload different certificates and keys by performing any of the
following:
•
Log into the appliance using the CLI and import a different certificate and key
pair to allow HTTPS access to the web interface instead of using the IronPort
Appliance FIPS Demo Certificate. Do this using the
pair to allow HTTPS access to the web interface instead of using the IronPort
Appliance FIPS Demo Certificate. Do this using the
fipsconfig >
certconfig
CLI command. For more information, see
.
•
Log into the web interface and import or generate certificate and key pairs for
Email Security appliance services such as SMTP sending and receiving,
destination controls, and LDAP. Do this using by clicking Add Certificate on
the FIPS Management console page. For more information, see
Email Security appliance services such as SMTP sending and receiving,
destination controls, and LDAP. Do this using by clicking Add Certificate on
the FIPS Management console page. For more information, see
.
•
Log into the web interface and import or generate signing keys for DKIM and
DomainKeys signing. Do this using Add Key or Import Keys on the FIPS
Management console page. For more information, see
DomainKeys signing. Do this using Add Key or Import Keys on the FIPS
Management console page. For more information, see
.
Note
Some SSH clients and web browsers automatically lose the SSH or HTTPS
connection when the HSM initializes or when the wrong password is entered three
times. If a user enters the wrong password three times via SSH, attempting to log
back into the appliance via HTTP will result in an error message because the
connection will not redirect to HTTPS. In these cases, the administrator must
manually reboot the appliance by powering it off and on.
connection when the HSM initializes or when the wrong password is entered three
times. If a user enters the wrong password three times via SSH, attempting to log
back into the appliance via HTTP will result in an error message because the
connection will not redirect to HTTPS. In these cases, the administrator must
manually reboot the appliance by powering it off and on.
Logging into the FIPS Management Console
After you log into the Email Security appliance as an administrator user, you can
log into the FIPS Management console as the FIPS Officer to manage the HSM
card. You can log into and out of the FIPS Management console separately while
remaining logged into the rest of the appliance web interface.
log into the FIPS Management console as the FIPS Officer to manage the HSM
card. You can log into and out of the FIPS Management console separately while
remaining logged into the rest of the appliance web interface.
Access the FIPS Management console from the FIPS Mode menu in the upper
right corner of the web interface.
right corner of the web interface.
shows the FIPS Mode menu.