The passive-attack-protection-only keyring is generated when the appliance starts for the first time and not generally used in production. They keyring is tagged to a Device Profile called “passive-attack-protection-only” and is sometimes used for Secure ADN encryption with no endpoint authentication. This profile and the keyring cannot be removed or updated
The only way to keep this keyring valid is to to reset the appliance to factory defaults. This creates a new passive-attack-protection-only keyring with a validity of 2 years.