The SMS Certificate Key panel displays information about the currently installed certificate key including the certificate number, key size, and description. The SMS certificate key is an RSA certificate that contains the serial number used to identify this SMS. It is also used as the SSL certificate for communication between the SMS client and the SMS server.
By default, the SMS comes from manufacturing with a 2K (2048-bit) key, which also uses stronger hashing functions.
Note
Only users with SuperUser capabilities are able to upgrade the SMS certificate key.
Before you upgrade the SMS certificate key, note the following caveats:
  • The SMS can obtain the certificate key package automatically from the TMC, or you can import the key from a file.
  • Installing the 2K key requires a restart of the SMS. The 2K key will not be in use until you restart the SMS. When you install the 2K key without restarting the SMS, a message will display on the SMS Certificate Key panel.
  • After you install the 2K key, you will lose device management functionality on the SMS if you roll back to TPS devices running TOS v4.0.
For more information, see Roll back to a previous version.

FIPS mode and certificate key size

If the SMS is currently running a 1K key, it will display a message about upgrading to a 2K key to be fully FIPS compliant. You can still enable FIPS mode on the SMS without installing the 2K key, but when the SMS is in FIPS mode, you cannot install the 2K key. Any SMS device that is running in FIPS Crypto Core mode with a 1K certificate key cannot be upgraded to SMS v6.1.

High Availability (HA)

When the SMS is configured for HA, keep in mind:
  • You cannot install the 2K key in either SMS while the SMS is running in HA. You must first disable the HA cluster, install the 2K key on each SMS, and then reconfigure the SMS HA cluster.
  • Both SMS systems in the HA cluster must be running the same key size. For example, the primary SMS cannot be running a 1K key while the secondary SMS is running a 2K key.
For more information, see SMS High Availability.