
ssl fips

Sep 12, 2016

The following operations can be performed on "ssl fips":

set ssl fips

Initializes the Hardware Security Module (HSM) on the FIPS card and sets a new security officer password and user password. CAUTION: This command erases all data on the FIPS card. You are prompted before proceeding with the command execution. A restart is required before and after executing this command for the changes to apply. Save the configuration after executing this command and before restarting the appliance.

Synopsis

set ssl fips -initHSM Level-2 [-hsmLabel <string>]

Arguments

initHSM

FIPS initialization level. The appliance currently supports Level-2 (FIPS 140-2).

Possible values: Level-2

soPassword

Security officer password that will be in effect after you have configured the HSM.

oldSoPassword

Old password for the security officer.

userPassword

The Hardware Security Module's (HSM) User password.

hsmLabel

Label to identify the Hardware Security Module (HSM).

Example

1) set fips -initHSM Level-2 fipsso123 oldfipsso123 fipuser123 -hsmLabel FIPS-140-2
This command will erase all data on the FIPS card. You must save the configuration (saveconfig) after executing this command.
Do you want to continue?(Y/N)y

The above command initializes the FIPS card to FIPS-140-2 Level-2 and sets the HSM's Security Officer and User passwords.

unset ssl fips

Use this command to remove ssl fips settings. Refer to the set ssl fips command for the meanings of the arguments.

Synopsis

unset ssl fips -hsmLabel

reset ssl fips

Resets the FIPS card to the default password for Security Officer and User accounts. This command can be used only if the FIPS card has been locked because of three or more unsuccessful login attempts.

Synopsis

reset ssl fips

Example

reset fips

show ssl fips

Displays the information on the FIPS card.

Synopsis

show ssl fips

Outputs

initHSM

The level of the FIPS initialization.

soPassword

Security officer password that will be in effect after you have configured the HSM.

userPassword

The Hardware Security Module's (HSM) User password.

oldSoPassword

Old password for the security officer.

eraseData

Erase data.

hsmLabel

FIPS card (HSM) label.

serial

FIPS card serial number.

majorVersion

Firmware major version.

minorVersion

Firmware minor version.

FipsHwMajorVersion

FIPS card hardware major version.

FipsHwMinorVersion

FIPS card hardware minor version.

FipsHwVersionString

FIPS card hardware extended version string.

flashMemoryTotal

Total size of the flash memory on card.

flashMemoryFree

Total size of free flash memory.

sramTotal

Total size of the SRAM memory on card.

sramFree

Total size of free SRAM memory.

status

Status.

flag

Internal Flags.

serialNo

FIPS card serial number.

model

FIPS card model info.

state

FIPS card state.

firmwareReleaseDate

FIPS card firmware revision date.

coresMax

Maximum number of crypto cores present in the FIPS card.

coresEnabled

Number of crypto cores enabled in the FIPS card.

Example

An example of the output for show ssl fips command is as follows:

FIPS HSM Info:
  HSM Label              : FIPS1
  Initialization         : FIPS-140-2 Level-2
  HSM Serial Number      : 238180016
  Firmware Version       : 4.3.0
  Total Flash Memory     : 1900428
  Free Flash Memory      : 1899720
  Total SRAM Memory      : 26210216
  Free SRAM Memory       : 17857232
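The show ssl fips output above can be checked automatically after an initialization or firmware update. The following is an added example, not part of the product documentation: it parses the output format shown on this page and reports conditions worth review. The function names, the expected-label comparison and the 10% free-memory threshold are assumptions made for illustration.

```python
# Added example: parse `show ssl fips` output and flag conditions worth review.
# SAMPLE is the output shown on this page; names and thresholds are assumptions.

SAMPLE = """\
FIPS HSM Info:
  HSM Label              : FIPS1
  Initialization         : FIPS-140-2 Level-2
  HSM Serial Number      : 238180016
  Firmware Version       : 4.3.0
  Total Flash Memory     : 1900428
  Free Flash Memory      : 1899720
  Total SRAM Memory      : 26210216
  Free SRAM Memory       : 17857232
"""

def parse_fips_info(text):
    """Return {field name: value} for every 'Name : value' line."""
    info = {}
    for line in text.splitlines():
        name, sep, value = line.partition(" : ")
        if sep and value.strip():
            info[name.strip()] = value.strip()
    return info

def audit_fips_info(info, expected_label=None, min_free_ratio=0.10):
    """Return a list of findings; an empty list means nothing to review."""
    findings = []
    if info.get("Initialization") != "FIPS-140-2 Level-2":
        findings.append("HSM not initialized to FIPS-140-2 Level-2")
    if expected_label is not None and info.get("HSM Label") != expected_label:
        findings.append("HSM label differs from inventory record")
    for kind in ("Flash", "SRAM"):
        try:
            total = int(info[f"Total {kind} Memory"])
            free = int(info[f"Free {kind} Memory"])
        except (KeyError, ValueError):
            findings.append(f"{kind} memory figures missing or unparseable")
            continue
        if total <= 0 or free > total:
            findings.append(f"{kind} memory figures inconsistent")
        elif free / total < min_free_ratio:
            findings.append(f"{kind} free memory below {min_free_ratio:.0%}")
    return findings

if __name__ == "__main__":
    for finding in audit_fips_info(parse_fips_info(SAMPLE), "FIPS1") or ["no findings"]:
        print(finding)
```

Comparing the parsed label and serial number against an inventory record also confirms that the card in the appliance is the one that was initialized.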

update ssl fips

Updates the FIPS firmware. Note: An upgrade requires compatible firmware. You must specify a valid file path and name.

Synopsis

update ssl fips -fipsFW <string>

Arguments

fipsFW

Path to the FIPS firmware file.

Example

update ssl fips -fipsFW /var/nsinstall/fips/CN16XX-NFBE-FW-2.2-130001