FIPS Commands

connectorctl fips enable

To enable FIPS on the connector, use the connectorctl fips enable command.

connectorctl fips enable

Syntax Description

This command has no keywords or arguments.

Examples

The following example shows how to enable FIPS on the connector:

[spacesadmin@connector ~]$ connectorctl fips enable
Executing command:fips
Terminated
[spacesadmin@connector ~]$ Connection to 10.22.244.2 closed by remote host

Note

Enabling FIPS restarts the connector VM.

Command History

Release 3, January 2025

This command is introduced.

connectorctl fips show

To validate if the FIPS is enabled or not, use the connectorctl fips show command.

connectorctl fips show

Syntax Description

This command has no keywords or arguments.

Examples

The following example shows how to verify if FIPS is enabled in the connector:

[spacesadmin@connector ~]$ connectorctl fips show
Executing command:fips
Command execution status:Success
----------------------
FIPS mode status:
FIPS mode is enabled.
verify FIPS mode is enabled at the operating system level:
crypto.fips_enabled = 1
OpenSSL version:
FIPS Toolkit Enabled
CiscoSSL 1.1.1y.7.3.377-fips
ssh runs in FIPS mode
x509v3-ecdsa-sha2-nistp256
x509v3-ecdsa-sha2-nistp384
x509v3-ecdsa-sha2-nistp521
x509v3-ssh-rsa
x509v3-rsa2048-sha256
ecdsa-sha2-nistp256
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521
ecdsa-sha2-nistp521-cert-v01@openssh.com
ssh-rsa
ssh-rsa-cert-v01@openssh.com

[spacesadmin@connector ~]$
The following example shows how to verify if FIPS is disabled in the connector: 

[spacesadmin@connector ~]$ connectorctl fips show
Executing command:fips
Command execution status:Success
----------------------
FIPS mode status:
FIPS mode is disabled.
verify FIPS mode is enabled at the operating system level:
crypto.fips_enabled = 0
OpenSSL version:
FIPS Toolkit Enabled
CiscoSSL 1.1.1y.7.3.377-fips
ssh runs in FIPS mode
x509v3-ecdsa-sha2-nistp256
x509v3-ecdsa-sha2-nistp384
x509v3-ecdsa-sha2-nistp521
x509v3-ssh-rsa
x509v3-rsa2048-sha256
ecdsa-sha2-nistp256
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521
ecdsa-sha2-nistp521-cert-v01@openssh.com
ssh-rsa
ssh-rsa-cert-v01@openssh.com

Command History

Release 3, January 2025

This command is introduced.

connectorctl -s location keystore showcert -n fipsca

To view the certificate for the location service running on the connector, use the connectorctl -s location keystore showcert -n fipsca command

connectorctl -s location keystore showcert -n fipsca

Syntax Description

Keywords and Variables Description
-n fipsca

fipsca is the connector client CA certificate for the location service.

Examples

The following example shows how to verify the certificate for the location service:
[spacesadmin@connector ~]$ connectorctl -s location keystore showcert -n fipsca
Executing command:keystore
Command execution status:Success
-----------------------
-----BEGIN CERTIFICATE-----
MIIDRTCCAi2gAwIBAgIEOPYBtjANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJV
UzELMAkGA1UECBMCQ0ExETAPBgNVBAcTCFNhbiBKb3NlMQwwCgYDVQQKEwNNU0Ux
DzANBgNVBAMTBnJvb3RDQTAeFw0yNTAyMTAyMDAzMTFaFw0zNTAxMjkyMDAzMTFa
MEwxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTERMA8GA1UEBxMIU2FuIEpvc2Ux
DDAKBgNVBAoTA01TRTEPMA0GA1UEAxMGcm9vdENBMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAjDOzn6HthkdpHd6YYXjUXOOJeAYG8U87brpYurusMq+B
0an55rP5yCBkfFW8I3sqR2PaiezDdnSmLaMUzCVpa7nJvicxIeLIGYJNjbxBO4/z
iAuIjd48DN0jOo90FQYbNkcsoh1lb2iLYel7WL2zsilIJrbvkVHXiiIcJs60F+5w
svrnY2lhV/C4e5ZrCvSMWKDDvJQxBXZOytcF3BIA+iEOLLPaUYdwx7aB06jE+yjk
756qbRLh+6c/pZ9kM4DlD91aAdqBKgS+FdEBUqzEugiuwCf4o3ET0QMpx3xQSUX1
3zdM8XQtBf5gU3+GeJ+1ZXm4MopYkOGgo5PS55npPQIDAQABoy8wLTAMBgNVHRME
BTADAQH/MB0GA1UdDgQWBBQaYaM75oLU5pe4mdRCh5eweKUYxDANBgkqhkiG9w0B
AQsFAAOCAQEAORqY4eTv6W6OuD6jAa2m81/K7cHLnsh4Q17oSR/fRRgO6TzvW/So
SopRJBfNMqzabZ46H21FmUJ4qkXTp4fRcezGSowteVJsam8/V5J9DMPzXzt5BuSZ
4ykHRQBzyWQDeVToFMF33g0r/blP0BUHplgDk+3guQ6LDSfGWdDT+kOBHayXtmUK
JUMIrg18y8zQVeCrzKVtzbFiJnXJ/DAYA23dRPVOtlIFmBVd0Dv8mvh7nl2MYBHW
cuh4/QMCDT1vwTwy6JfEBgq2bRJS9DBTZFC0x+FouVXGGwiyJ0cX6V511BmI7YWC
5NEMUzsiO0W/DpUBgejIHXikFw7arp3jog==
-----END CERTIFICATE-----

Command History

Release 3, January 2025

This command is introduced.