跳转到主内容

采用开放式SSL FIPS的NetApp支持的RSA密钥大小是多少?

Views:
7
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
CORE
Last Updated:

可不使用  

适用场景

  • ONTAP 9
  • NetApp 存储加密

问题解答

使用开放式SSL FIPS创建证书时、请务必选择支持的大小2048或3072。

根据 [1] ONTAP 9.x中命令security certificATE create的手册页:

-size <size of requested certificate in bits>-所请求证书的大小(以位为单位
)指定私钥中的位数。值越大、密钥越安全。默认值为2048。如果
"security config"中的"FIPS Mode"为false、则可能的值包括512、1024、1536、2048和3072。当"FIPS Mode"为true时,
可能的值为 2048和3072。

如果使用 'security certificate create' 命令、ONTAP将向您发出警告

示例:
cluster:*> security config show
         集群                                             安全
接口FIPS模式 支持的协议支持的加密器    配置就绪
------- -------- ----------------------- ----------------------- -----------------------
ssl       true      TLSv1.2            all:!low:!aNULL:!EXP:yes
                                        !eNULL:!3des
cluster::*> security certificATE create -common-name test -size 4096 错误:"4096"无效
字段"-size的值" 此命令上下文中的有效选项:2048、3072
 
 
示例:如果在密钥大小为4096的KMIP服务器上创建了证书 、然后将其安装在ONTAP中、则会执行以下操作
在尝试与KMIP服务器通信时出现:

cluster:>>security key-manager show -status
Node                   Port   已注册密钥管理       器状态
-----------------------  --------  -----------------------  --------
cluster-node1            5696   10.0.13.91                  unknown
cluster-node1            5696   10.0.13.92                  unknown
cluster-node1            5696   10.4.13.95                  unknown
cluster-node1            5696   10.4.13.96                  unknown
cluster-node2            5696   10.0.13.91                  unknown
cluster-node2            5696   10.0.13.92                  unknown
cluster-node2            5696   10.4.13.95                  unknown
cluster-node2            5696                     10.13.96未知
显示8个条目
 
RSA: 删除证书并使用支持的解决方案密钥大小安装新证书

追加信息

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.