How to Set Up SIM on a FIPS-Enabled NetScaler Appliance

To set up SIM on a FIPS-enabled NetScaler appliance, complete the following procedures:

  1. Initializing the SIM
  2. Enabling the SIM

Initializing the SIM

To initialize the SIM, complete the following procedure:

  1. On the primary NetScaler appliance, run the following command to initialize the SIM:

    Primary> init fipsSIMsource /nsconfig/ssl/source.cert

  2. Run the following command to copy the source.cert file to the /nsconfig/ssl directory of the secondary appliance:

    scp /nsconfig/ssl/source.cert nsroot@<IP_Address_of_Secondary_Appliance>:/nsconfig/ssl/

  3. On the secondary appliance, run the following command to initialize the SIM:

    Secondary> init fipsSIMtarget /nsconfig/ssl/source.cert /nsconfig/ssl/target.key /nsconfig/ssl/target.secret

  4. Run the following command to copy the target.secret file to the /nsconfig/ssl directory of the primary appliance:

    scp /nsconfig/ssl/target.secret nsroot@< IP_Address_of_Primary_Appliance >:/nsconfig/ssl/

Enabling the SIM

To enable the SIM, complete the following procedure:

  1. On the primary appliance, run the following command to enable the SIM:

    Primary> enable fipsSIMsource /nsconfig/ssl/target.secret /nsconfig/ssl/source.secret

  2. Run the following command to copy the source.secret file to the /nsconfig/ssl directory of the secondary appliance:

    < scp /nsconfig/ssl/source.secret nsroot@< IP_Address_of_Secondary_Appliance >:/nsconfig/ssl/>

    scp /nsconfig/ssl/source.secret nsroot@<ip_of_secondary>:/nsconfig/ssl/

  3. On the secondary appliance, run the following command to enable the SIM:

    Secondary> enable fipsSIMtarget /nsconfig/ssl/target.key /nsconfig/ssl/source.secret

After completing the preceding procedures, you can import and export the FIPS keys between the primary and secondary appliances.

Related:

  • No Related Posts

Leave a Reply