Руководство Пользователя для Cisco Cisco Web Security Appliance S170
S U P P O R T E D C E R T I F I C A T E T Y P E S
C H A P T E R 5 : F I P S M A N A G E M E N T
73
Note — There is no way to retrieve the FIPS Officer password once it is set. If you forget the
FIPS Officer password, the only way to access the HSM card is to initialize it, which wipes all
certificates and keys it manages. Cisco recommends backing up all data on the HSM card
after it is fully configured. For more information, see “Backing up and Restoring Certificates
and Keys” on page 79.
FIPS Officer password, the only way to access the HSM card is to initialize it, which wipes all
certificates and keys it manages. Cisco recommends backing up all data on the HSM card
after it is fully configured. For more information, see “Backing up and Restoring Certificates
and Keys” on page 79.
After you log into the FIPS management console, you can change the FIPS Officer password.
To change the FIPS Officer password:
1. Log into the FIPS management console.
2. Click Edit Settings in the Password Management section.
Figure 5-4 shows the Edit Password Management Settings page.
Figure 5-4 Edit Password Management Settings Page
3. Enter the current FIPS Officer password and the new FIPS Officer password in the
appropriate fields.
4. Click Submit.
Supported Certificate Types
When an SSL session uses an RSA key, the key is protected by the HSM card. When an SSL
session uses a DSA key, the key is not protected by the HSM card. The web interface and CLI
prevent administrators from uploading certificates that use DSA keys.
session uses a DSA key, the key is not protected by the HSM card. The web interface and CLI
prevent administrators from uploading certificates that use DSA keys.
Logging
For error messages related to FIPS management, read the Proxy Error Logs at the trace or
debug level. You can search for “HSM” in Proxy Error Logs to get HSM related information.
debug level. You can search for “HSM” in Proxy Error Logs to get HSM related information.