HP Secure Key Manager User Manual

Page 270

Advertising
background image

Syntax

hostname# fips server
Enable FIPS Status Server [y]:
Available IP addresses:
1.

All

2.

172.17.3.21

Local IP (1-2)[1]:
Local Port [9081]:

NOTE:

You can view the FIPS Status Report by accessing http://<Local IP>:<Local

Port>/status.html.

Related

command(s)

show fips server

reset factory settings zeroize – zeroize all keys and passwords on the device.

Syntax

NOTE:

For security purposes, this command can only be run from the CLI at the console.

You cannot execute this command remotely via the CLI over SSH or from the

Management Console.

hostname# reset factory settings zeroize

Related

command(s)

reset factory settings

security settings – change the status of security-related functionality on the SKM.
This functionality must be disabled for FIPS compliance. These settings are automatically configured when you

select Set FIPS Compliance in the FIPS Compliance section.

IMPORTANT:

When you enable FIPS compliance on the SKM, the functionality displayed here is disabled. Modifying

any

of the items in the High Security Settings section immediately takes the device out of FIPS

compliance. This section should be used to

review

the key and device security functionality that has

been disabled for full FIPS compliance. When the device is FIPS-compliant, do not alter these settings.

IMPORTANT:

According to FIPS requirements, you cannot enable or disable FIPS when there are keys on the SKM.

You must

manually

delete all keys before enabling and disabling FIPS compliance. Keys are zeroized

upon deletion.

We strongly recommend that you back up your keys before deleting.

For more information, see

Using advanced security features

.

Syntax

hostname# security settings
Disable Creation and Use of Global Keys [y]:
Disable Non-FIPS Algorithms and Key Sizes [y]:
Disable RSA Encryption and Decryption [y]:
Disable FTP for Certificate Import, Backup, and Restore [y]:
Disable Certificate Import through Serial Console Paste [y]:
Disable Hotswappable RAID Drives [y]:

Related

command(s)

show security settings

show security settings – view the status of security-related functionality on the SKM.

NOTE:

This functionality must be disabled for FIPS compliance. These settings are automatically configured

when you select Set FIPS Compliance in the FIPS Compliance section. For more information, see

Using

advanced security features

.

270

Using the Command Line Interface

Advertising
Popular Brands
Popular manuals