ADC CLI Commands

ssl-fips

The following operations can be performed on “ssl-fips”:

reset | set | show | unset | update

reset ssl fips

Resets the FIPS card to the default password for Security Officer and User accounts. This command can be used only if the FIPS card has been locked because of three or more unsuccessful login attempts.

Synopsis

reset ssl fips

Arguments

Example

reset fips

set ssl fips

Initializes the Hardware Security Module (HSM) on the FIPS card and sets a new security officer password and user password. CAUTION: This command erases all data on the FIPS card. You are prompted before proceeding with the command execution. A restart is required before and after executing this command for the changes to apply. Save the configuration after executing this command and before restarting the appliance.

Synopsis

set ssl fips -initHSM Level-2 <soPassword> <oldSoPassword> <userPassword> [-hsmLabel <string>]

Arguments

initHSM FIPS initialization level. The appliance currently supports Level-2 (FIPS 140-2).

Possible values: Level-2

soPassword Security officer password that will be in effect after you have configured the HSM.

oldSoPassword Old password for the security officer.

userPassword The Hardware Security Module’s (HSM) User password.

hsmLabel Label to identify the Hardware Security Module (HSM).

Example

1) set fips -initHSM Level-2 fipsso123 oldfipsso123 fipuser123 -hsmLabel FIPS-140-2

This command will erase all data on the FIPS card. You must save the configuration (saveconfig) after executing this command.Do you want to continue?(Y/N)y

The above command initializes the FIPS card to FIPS-140-2 Level-2 and sets the HSM’s Security Officer and User passwords.

show ssl fips

Displays the information on the FIPS card.

Synopsis

show ssl fips

Arguments

Output

initHSM The level of the FIPS initialization.

soPassword Security officer password that will be in effect after you have configured the HSM.

userPassword The Hardware Security Module’s (HSM) User password.

oldSoPassword Old password for the security officer.

eraseData Erase data.

hsmLabel FIPS card (HSM) label

serial FIPS card serial number.

majorVersion Firmware major version.

minorVersion Firmware minor version.

FipsHwMajorVersion FIPS card hardware major version.

FipsHwMinorVersion FIPS card hardware minor version.

FipsHwVersionString FIPS card hardware extended version string.

flashMemoryTotal Total size of the flash memory on card.

flashMemoryFree Total size of free flash memory.

sramTotal Total size of the SRAM memory on card.

sramFree Total size of free SRAM memory.

status Status.

flag Internal Flags.

serialNo FIPS card serial number.

model FIPS card model info.

state FIPS card state.

firmwareReleaseDate FIPS card firmware revision date.

coresMax Maximum number of crypto cores present in the FIPS card.

coresEnabled Number of crypto cores enabled in the FIPS card.

Example

An example of the output for show ssl fips command is as follows:

FIPS HSM Info:
HSM Label : FIPS1
Initialization : FIPS-140-2 Level-2
HSM Serial Number : 238180016
Firmware Version : 4.3.0
Total Flash Memory : 1900428
Free Flash Memory : 1899720
Total SRAM Memory : 26210216
Free SRAM Memory : 17857232
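The show ssl fips output can be checked mechanically, for example by a monitoring job that flags a card whose label, serial number, initialization level or firmware version no longer matches the recorded values (set ssl fips erases the card and can set a new label). The Python below is an added example, not part of the product documentation; the BASELINE record, the function names and the 10% free-memory threshold are assumptions made for illustration.

```python
# Added example: audit "show ssl fips" output against a recorded baseline.
SAMPLE = """\
FIPS HSM Info:
HSM Label : FIPS1
Initialization : FIPS-140-2 Level-2
HSM Serial Number : 238180016
Firmware Version : 4.3.0
Total Flash Memory : 1900428
Free Flash Memory : 1899720
Total SRAM Memory : 26210216
Free SRAM Memory : 17857232
"""  # values copied from the example output on this page

# Hypothetical inventory record for this appliance (assumption for the example).
BASELINE = {
    "HSM Label": "FIPS1",
    "Initialization": "FIPS-140-2 Level-2",
    "HSM Serial Number": "238180016",
    "Firmware Version": "4.3.0",
}

def parse_fips_info(text):
    """Turn 'Key : Value' lines into a dict; header and blank lines are skipped."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            info[key.strip()] = value.strip()
    return info

def audit_fips(info, baseline=BASELINE, min_free_ratio=0.10):
    """Return a list of findings; an empty list means nothing drifted.
    min_free_ratio is an arbitrary example threshold, not vendor guidance."""
    findings = []
    for field, expected in baseline.items():
        actual = info.get(field)
        if actual != expected:
            findings.append(f"{field}: expected {expected!r}, got {actual!r}")
    for kind in ("Flash", "SRAM"):
        try:
            total = int(info[f"Total {kind} Memory"])
            free = int(info[f"Free {kind} Memory"])
        except (KeyError, ValueError):
            findings.append(f"{kind} memory counters missing or not numeric")
            continue
        if total <= 0 or free / total < min_free_ratio:
            findings.append(f"{kind} memory low: {free} of {total} free")
    return findings

if __name__ == "__main__":
    for finding in audit_fips(parse_fips_info(SAMPLE)) or ["no drift detected"]:
        print(finding)
```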

unset ssl fips

Use this command to remove ssl fips settings. Refer to the set ssl fips command for meanings of the arguments.

Synopsis

unset ssl fips -hsmLabel

update ssl fips

Updates the FIPS firmware. Note: Upgrade with compatible firmware is required. You must specify a valid file path and name.

Synopsis

update ssl fips -fipsFW

Arguments

fipsFW Path to the FIPS firmware file.

Example

update ssl fips -fipsFW /var/nsinstall/fips/CN16XX-NFBE-FW-2.2-130001
