Diagnostic commands, Fips commands – HP Secure Key Manager User Manual

Page 269

Diagnostic commands

host run – look up the host specified using the domain server.

Syntax

hostname (config)# host run

command(s)

• traceroute run
• netstat run
• ping run

ping run – send ICMP ECHO_REQUEST packets to the specified network host.

Syntax

hostname (config)# ping run

command(s)

• host run
• traceroute run
• netstat run

netstat run – generate a list of all active connections on the SKM.
Syntax

hostname (config)# netstat run

command(s)

• host run
• traceroute run
• ping run

traceroute run – print the route packets take to the specified network host.
Syntax

hostname (config)# traceroute run

command(s)

• host run
• netstat run
• ping run

FIPS commands

fips compliant – make the device FIPS-compliant.
This will alter various server settings, as documented in

IMPORTANT:

According to FIPS requirements, you cannot enable or disable FIPS when there are keys on the SKM.

You must

manually

delete all keys before enabling and disabling FIPS compliance. Keys are zeroized

upon deletion.

We strongly recommend that you back up your keys before deleting.

IMPORTANT:

Setting this device to be FIPS-compliant forces SSL connections to the KMS Server and to the Web

Administration service to use TLS 1.0 only. Some Web browsers, including Internet Explorer 6.0, do

not have TLS 1.0 enabled by default. If your browser is no longer able to make a connection to this

device, please check that it has TLS 1.0 enabled. (In Internet Explorer, select Internet Options from the

Tools menu, click the Advanced tab, scroll down to the Security section, and make sure the “Use TLS

1.0” checkbox is checked.)

Syntax

hostname# fips compliant
This device is now FIPS-compliant.

command(s)

• show fips status

fips server – enable the FIPS status server and assign it an IP and a port.

Secure Key Manager

269