How to store the SSL Visibility Appliance Master Key on a USB and Protect it with a PIN

Article ID: 168501

Products

SSL Visibility Appliance Software

Issue/Introduction

The first procedure describes the process using the Command Line; scroll down to find the GUI procedure.

How to store the Master Key on a USB stick and protect it with a PIN when using the Command Line:

  1. Have a USB key that is formatted with the FAT32 file system.
  2. Have an SSL Visibility Appliance, new out of the box, or perform a factory reset if required.
  3. Log in as bootstrap/bootstrap.
  4. Set master key storage to USB and protect with a PIN. Verify the settings:
  •  master key storage usb
  •  master key pin enabled
  •  master key settings
  5. Insert the USB stick into the front USB port on the SV1800, SV2800, SV3800, or the top USB port on the back of the SV800.
  6. Create the master key:
  •  master key create
  7. To create the PIN, enter the following key sequence on the front panel: 01230123 (Upper Left, Upper Right, Lower Left, Lower Right, Upper Left, Upper Right, Lower Left, Lower Right).
  8. Enter the password using the front panel. A password must be 8 characters in length.
  9. Once confirmed, the master key will be stored on the USB and protected by the PIN. The USB and PIN must be used after every restart to unlock the secure store.
  10. Pull out the USB and keep it in a safe place.
  11. Proceed with bootstrap by creating a user to manage the appliance:
  •  user add sysadmin manage-pki manage-appliance manage-policy audit
  12. Exit from the bootstrap phase, and log in as the newly created user.
  13. Set the management network IP address and reboot.
  •  network set ip 10.169.101.43 netmask 255.255.255.240 gateway 10.169.101.33
  •  platform reboot
  14. Since the USB is not inserted into the appliance, the secure store cannot be unlocked. Any attempts to log in to the appliance as the user previously created are unsuccessful. Only a bootstrap user is allowed to log in. Once you are logged in as bootstrap, the following message is displayed: “master key generation in process.”
  15. Insert the USB stick into the front USB port, then enter the following key sequence on the front panel: 01230123 (Upper Left, Upper Right, Lower Left, Lower Right, Upper Left, Upper Right, Lower Left, Lower Right). Enter the PIN that was previously created to allow access to the master key stored on the USB.
  16. Once the PIN is entered, the secure store is unlocked, and normal appliance operation may commence.

How to store the Master Key on a USB stick and protect it with a PIN Using the GUI

  1. Have a USB key formatted using the FAT32 file system to hand.
  2. Have an SSL Visibility Appliance, new out of the box, or perform a factory reset if required.
  3. Enter the following key sequence on the front panel: 01320132 (Upper Left, Upper Right, Lower Right, Lower Left, Upper Left, Upper Right, Lower Right, Lower Left), and configure the appliance IP, netmask and gateway. The appliance will restart so the new IP settings can take effect.
  4. Log into the GUI to complete bootstrap, making sure to set:
  •  Master Key Storage Location: USB
  •  Master Key Protection: Keypad Password
  5. Insert the USB stick into the front USB port on the SV1800, SV2800, SV3800, or the top USB port on the back of the SV800.
  6. Create the PIN by entering the following key sequence on the front panel: 01230123 (Upper Left, Upper Right, Lower Left, Lower Right, Upper Left, Upper Right, Lower Left, Lower Right).
  7. Enter the password on the front panel. A password must be 8 characters in length.
  8. Using the WebUI, create a user to log in to the appliance. This user should have all options selected.
  9. Log in as the newly created user, reboot, and confirm you see the following message when the appliance comes online.
  10. Insert the USB stick into the USB port, then enter the following key sequence on the front panel: 01230123 (Upper Left, Upper Right, Lower Left, Lower Right, Upper Left, Upper Right, Lower Left, Lower Right). Next, enter the PIN that was previously created to allow access to the master key stored on the USB (Note: The PIN must be entered twice for the Master Key to be unlocked when using the GUI method).
  11. Once the PIN is entered, the secure store is unlocked, and normal appliance operation may commence.
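
Both procedures begin with a USB key formatted as FAT32. The following Python script is an added example, not part of the original article or of the appliance software; run on an administrator workstation, it reads a partition's boot sector and reports whether the volume is FAT32, so the key can be checked before it is taken to the appliance. The function names, the /dev/sdX1 placeholder path and the sample boot sector are assumptions made for the example.

```python
import struct
import sys

NON_FAT = {b"EXFAT   ": "exFAT", b"NTFS    ": "NTFS"}

def fat_type(sector: bytes) -> str:
    """Classify a volume from the first 512 bytes of its partition."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        return "unknown"                      # no boot-sector signature
    if sector[3:11] in NON_FAT:
        return NON_FAT[sector[3:11]]
    # BIOS Parameter Block fields shared by FAT12/16/32, starting at offset 11.
    (bps, spc, reserved, nfats, root_ents,
     tot16, _media, fatsz16) = struct.unpack_from("<HBHBHHBH", sector, 11)
    tot32, fatsz32 = struct.unpack_from("<II", sector, 32)
    if bps not in (512, 1024, 2048, 4096) or spc == 0 or spc & (spc - 1) or nfats == 0:
        return "unknown"                      # implausible BPB, e.g. whole disk read instead of partition
    root_sectors = (root_ents * 32 + bps - 1) // bps
    overhead = reserved + nfats * (fatsz16 or fatsz32) + root_sectors
    total = tot16 or tot32
    if total <= overhead:
        return "unknown"
    # The FAT variant is defined by the cluster count, not by a label string.
    clusters = (total - overhead) // spc
    if clusters < 4085:
        return "FAT12"
    return "FAT16" if clusters < 65525 else "FAT32"

def sample_sector(oem, spc, reserved, root_ents, fatsz16, total, fatsz32=0):
    """Constructed boot sector for the demo; not read from a real USB key."""
    s = bytearray(512)
    s[3:11] = oem
    struct.pack_into("<HBHBHHBH", s, 11, 512, spc, reserved, 2, root_ents, 0, 0xF8, fatsz16)
    struct.pack_into("<II", s, 32, total, fatsz32)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    if len(sys.argv) > 1:                     # partition device, e.g. /dev/sdX1 (placeholder)
        with open(sys.argv[1], "rb") as dev:
            kind = fat_type(dev.read(512))
    else:                                     # constructed 7.5 GiB FAT32 layout
        kind = fat_type(sample_sector(b"MSDOS5.0", 8, 32, 0, 0, 15_728_640, 15_360))
    print(kind, "- usable as-is" if kind == "FAT32" else "- reformat as FAT32 first")
    sys.exit(0 if kind == "FAT32" else 1)
```

Point the script at the partition on the key rather than the whole disk; reading a raw device normally requires elevated privileges.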
