Establishing a connection to an sftp server, Displaying and maintaining fips, Fips configuration examples – H3C Technologies H3C S12500-X Series Switches User Manual
Page 258: Triggering self-tests, Entering fips mode through automatic reboot
246
•
Pair-wise consistency test—This test is run when a DSA/RSA asymmetrical key-pair is generated. It
uses the public key to encrypt a plain text, and uses the private key to decrypt the encrypted text. If
the decryption is successful, the test succeeds. Otherwise, the test fails.
•
Continuous random number generator test—This test is run when a random number is generated.
If two consecutive random numbers are different, the test succeeds. Otherwise, the test fails. This test
can also be run when a DSA/RSA asymmetrical key-pair is generated.
331B
Triggering self-tests
To examine whether the cryptography modules operate correctly, you can trigger a self-test on the
cryptographic algorithms. The triggered self-test is the same as the power-up self-test. If the self-test fails,
the card where the self-test process exists reboots.
To trigger a self-test:
Step Command
1.
Enter system view.
system-view
2.
Trigger a self-test.
fips self-test
153B
Displaying and maintaining FIPS
Execute the display command in any view.
Task Command
Display the FIPS mode state.
display fips status
154B
FIPS configuration examples
332B
Entering FIPS mode through automatic reboot
551B
Network requirements
Use the automatic reboot method to enter FIPS mode, and use a console port to log in to the device in
FIPS mode.
552B
Configuration procedure
# If you want to save the current configuration, execute the save command before you enable FIPS mode.
# Enable FIPS mode and choose the automatic reboot method to enter FIPS mode. Configure the
username as root and the password as 12345zxcvb!@#$%ZXCVB.
[Sysname] fips mode enable
FIPS mode change requires a device reboot. Continue? [Y/N]:y
Reboot the device automatically? [Y/N]:y
The system will create a new startup configuration file for FIPS mode. After you set the
login username and password for FIPS mode, the device will reboot automatically.
- H3C S5560 Series Switches H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C S9800 Series Switches H3C S5130 Series Switches H3C S5120 Series Switches