-
-
-
-
-
-
-
-
ssl-fipsKey
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
ssl-fipsKey
The following operations can be performed on “ssl-fipsKey”:
import | show | export | rm | create |
import ssl fipsKey
Imports a FIPS key into the Hardware Security Module (HSM) of the FIPS card. Can import an existing FIPS key, or can import, as a FIPS key, an external private key, such as a key that was created on an Apache or IIS external Web server.
Synopsis
import ssl fipsKey
Arguments
fipsKeyName Name for the FIPS key to be imported. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the FIPS key is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my fipskey” or ‘my fipskey’).
key Name of and, optionally, path to the key file to be imported. /nsconfig/ssl/ is the default path.
inform Input format of the key file. Available formats are: SIM - Secure Information Management; select when importing a FIPS key. If the external FIPS key is encrypted, first decrypt it, and then import it. PEM - Privacy Enhanced Mail; select when importing a non-FIPS key.
Possible values: SIM, DER, PEM Default value: SIM
wrapKeyName Name of the wrap key to use for importing the key. Required for importing a non-FIPS key.
iv Initialization Vector (IV) to use for importing the key. Required for importing a non-FIPS key.
exponent Exponent value for the FIPS key to be created. Available values function as follows: 3=3 (hexadecimal) F4=10001 (hexadecimal)
Possible values: 3, F4 Default value: 3
Example
1)import fipskey fips1 -key /nsconfig/ssl/fipskey.sim The above example imports a FIPS key stored in the file fipskey.sim in the system. 2)import fipskey fips2 -key /nsconfig/ssl/key.der -inform DER -wrapKeyName wrapkey1 -iv wrap123 The above example imports a non-FIPS key stored in the file key.der in the system.
show ssl fipsKey
Displays information about all the FIPS keys configured on the appliance, or displays detailed information about the specified FIPS key.
Synopsis
show ssl fipsKey [
Arguments
fipsKeyName Name of the FIPS key for which to show detailed information.
Output
modulus The modulus of the RSA key.
exponent The exponent value for the RSA key.
curve The curve id for the ECDSA key.
keytype The type for the key.
size Size.
devno count stateflag
Example
1) An example of output of show ssl fipskey command is as follows: show fipskey 2 FIPS keys: 1) FIPS Key Name: fips1 2) FIPS Key Name: fips2
2) An example of output of show fipskey command with FIPS key name specified is as follows: show fipskey fips1 FIPS Key Name: fips1 Modulus: 1024 Public Exponent: 3 (Hex: 0x3)
export ssl fipsKey
Exports a FIPS key from one appliance to another or backs up a FIPS key in a secure manner. The exported key is secured by using a strong asymmetric key encryption method.
Synopsis
export ssl fipsKey
Arguments
fipsKeyName Name of the FIPS key to export.
key Name of and, optionally, path to the exported key file. /nsconfig/ssl/ is the default path.
Example
export fipskey fips1 -key /nsconfig/ssl/fips1.key
rm ssl fipsKey
Removes all the FIPS keys, or the specified FIPS key, from the appliance.
Synopsis
rm ssl fipsKey
Arguments
fipsKeyName Name of the FIPS key to remove.
Example
rm fipskey fips1
create ssl fipsKey
Generates a FIPS key within the Hardware Security Module (HSM) of the FIPS card.
Synopsis
create ssl fipsKey
Arguments
fipsKeyName Name for the FIPS key. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the FIPS key is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my fipskey” or ‘my fipskey’).
keytype Only RSA key and ECDSA Key are supported.
Possible values: RSA, ECDSA Default value: RSA
exponent Exponent value for the FIPS key to be created. Available values function as follows: 3=3 (hexadecimal) F4=10001 (hexadecimal)
Possible values: 3, F4 Default value: 3
modulus Modulus, in multiples of 64, of the FIPS key to be created. Minimum value: 0 Maximum value: 4096
curve Only p_256 (prime256v1) and P_384 (secp384r1) are supported.
Possible values: P_256, P_384 Default value: P_256
Example
create fipskey fips1 -modulus 1024 -exp f4
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.