Raritan Computer DKSXII-V2.3.0-0D-E User Manual

Chapter 9: Security Management

197

For additional security, you can also create a new Certificate Signing
Request once FIPS mode is activated. This will be created using the
required key ciphers. Upload the certificate after it is signed or create
a self-signed certificate. The SSL Certificate status will updated from
'Not FIPS Mode Compliant' to 'FIPS Mode Compliant'.

When FIPS mode is activated, key files cannot be downloaded or
uploaded. The most recently created CSR will be associated
internally with the key file. Further, the SSL Certificate from the CA
and its private key are not included in the full restore of the
backed-up file. The key cannot be exported from KSX II.

FIPS 140-2 Support Requirements

The KSX II supports the use of FIPS 140-20 approved encryption
algorithms. This allows an SSL server and client to successfully
negotiate the cipher suite used for the encrypted session when a client is
configured for FIPS 140-2 only mode.

Following are the recommendations for using FIPS 140-2 with the KSX
II:

KSX II



Set the Encryption & Share to Auto on the Security Settings page.
See Encryption & Share.

Microsoft Client



FIPS 140-2 should be enabled on the client computer and in Internet
Explorer.

To enable FIPS 140-2 on a Windows client:

1. Select Control Panel > Administrative Tools > Local Security Policy

to open the Local Security Settings dialog.

2. From the navigation tree, select Select Local Policies > Security

Options.

3. Enable "System Cryptography: Use FIPS compliant algorithms for

encryption, hashing and signing".

4. Reboot the client computer.

To enable FIPS 140-2 in Internet Explorer:

1. In Internet Explorer, select Tools > Internet Options and click on the

Advanced tab.

2. Select the Use TLS 1.0 checkbox.

3. Restart the browser.