Force periodic update, Related cli commands, Using advanced security features – HP Secure Key Manager User Manual
Page 169: Advanced security overview, 169 related cli commands
NOTE:
The Auto-Update feature does not apply to local CAs.
Force Periodic Update
The SKM performs a daily check of the Next Update field to determine whether it should attempt to
update the CRL for a particular CA. If you are not satisfied with a daily check of the Next Update
field or if it is possible that the CA incorrectly set the Next Update field in the CRL, you can use the
optional Force Periodic Update parameter to instruct the SKM to download updated CRLs at an interval
you specify.
It is important to note that when you specify a value for the Force Periodic Update parameter, the
SKM does not stop making daily checks of the Next Update field. For example, if you set the Force
Periodic Update parameter to 10800 minutes (one week), the SKM continues to check the Next
Update field on a daily basis to see if it is necessary to download an updated CRL. In addition, the
SKM downloads the CRL from the CDP according to the value you specify in the Force Periodic Update
parameter.
The Force Periodic Update parameter supports values between 5 and 525600 minutes (one year).
Values must be a multiple of 5; if you enter a number that is not a multiple of 5, the value is rounded
down to the closest multiple of 5. For example, if you enter a value of 12, the value will be rounded
down to 10.
NOTE:
The Force Periodic Update parameter is not available for local CAs.
Related CLI Commands
Configuration of the SKM to work with CRLs is done exclusively from the Command Line Interface.
See
for the appropriate commands.
Using advanced security features
Advanced security features provide the highest level of secure operation on the SKM. This section
discusses the following topics:
• Advanced Security Overview
• High Security Configuration Page
• FIPS Status Server Page
• SSL Overview
• SSL Sections
Advanced Security overview
Use the Advanced Security settings on the SKM to set the highest level of security for administrative
and cryptographic operations on the device. Depending on the SKM in use, the advanced security
settings can be configured to comply with the Federal Information Processing Standard (FIPS) 140-2,
Level 2 standards. If you use a non-FIPS-compliant SKM, you can still use high security settings.
Secure Key Manager
169