Cisco 11000 Series Secure Content Accelerator Configuration Guide
78-13124-06
Chapter 6 FIPS Operation
Using FIPS Mode
Creating a Server in FIPS Mode
Creating and configuring server operations in FIPS Mode are nearly identical to
those in normal operational modes. The differences are the following:
• Only the FIPS security policy and security policies containing FIPS-approved algorithms can be used
• Only FIPS-compliant servers can be used for data transfer (non-FIPS-compliant servers can be edited for FIPS compliance)
Follow the steps below to create a FIPS-compliant server.
1. Connect to the Secure Content Accelerator using a serial management session, and enter Privileged, Configuration, and SSL Modes. Create a secure server named mySecServ.
[FIPS] SCA> enable
[FIPS] SCA# config
[FIPS] config[SCA]# ssl
[FIPS] ssl-config[SCA]# server mySecServ create
[FIPS] ssl-server[mySecServ]#>
2. Assign an IP address, key, certificate, and FIPS-compliant security policy.
[FIPS] ssl-server[mySecServ]#> ip address 10.1.114.30
[FIPS] ssl-server[mySecServ]#> key myOwnKey
[FIPS] ssl-server[mySecServ]#> cert myOwnCert
[FIPS] ssl-server[mySecServ]#> secpolicy fips
[FIPS] ssl-server[mySecServ]#>
3. Exit to Top Level Mode.
[FIPS] ssl-server[mySecServ]#> finished
[FIPS] SCA#