CLI Reference

system hsm info

Use this command to edit the configuration so that FortiWeb will work with SafeNet Network HSM 7 (hardware security module). The HSM integration allows FortiWeb to retrieve a per-connection SSL session key instead of loading the local private key and certificate.

Because the HSM configuration requires you to upload a server certificate, you can create it using the web UI only. After you create the configuration in the web UI, this command allows you to edit it.

For detailed information on integrating HSM with FortiWeb, see the FortiWeb Administration Guide:

https://docs.fortinet.com/fortiweb/admin-guides

Before you can show or edit HSM configuration in the CLI and access HSM settings in the web UI, use the following command to enable the HSM settings:

    config server-policy setting
      set high-compatibility-mode enable
      set hsm enable
    end

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

Syntax

    config system hsm info
      set ip "<hsm_ipv4>"
      set port <port_int>
      set timeout <timeout_int>
      set filename "<filename_str>"
      set register-status {enable | disable}
    end

| Variable | Description | Default |
| --- | --- | --- |
| ip "<hsm_ipv4>" | Enter the IP address of the HSM. | No default. |
| port <port_int> | Enter the port where FortiWeb establishes an NTLS connection with the HSM. | 1792 |
| timeout <timeout_int> | Enter a timeout value for the connection between HSM and FortiWeb. | No default. |
| filename "<filename_str>" | Shows the name of the server certificate file from the HSM. You cannot edit this option using the CLI. | No default. |
| register-status {enable \| disable} | Enable to create FortiWeb as a client of the HSM. | disable |
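
The following is an added example, not Fortinet's code: a Python check that reads configuration text in the CLI syntax shown above and reports a missing prerequisite, an invalid `ip` or `port`, an unset `timeout`, or `register-status` left at its default. The function names, the sample values, and the assumption that the configuration is available as plain text are this example's own.

```python
import ipaddress
import re

def parse_blocks(text):
    """Map each 'config <path>' block to its {option: value} settings."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            current = blocks.setdefault(line[len("config "):], {})
        elif line == "end":
            current = None
        elif current is not None and (m := re.match(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return blocks

def check_hsm(text):
    """Return findings for the HSM settings; an empty list means no issues."""
    blocks = parse_blocks(text)
    policy, hsm = blocks.get("server-policy setting", {}), blocks.get("system hsm info")
    findings = [f"server-policy setting: {opt} is not enabled"
                for opt in ("high-compatibility-mode", "hsm") if policy.get(opt) != "enable"]
    if hsm is None:
        return findings + ["system hsm info: block missing"]
    try:
        ipaddress.IPv4Address(hsm.get("ip", ""))
    except ValueError:
        findings.append("ip: missing or not an IPv4 address")
    port = hsm.get("port", "1792")  # 1792 is the documented default
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append("port: outside 1-65535")
    if "timeout" not in hsm:
        findings.append("timeout: not set (no default)")
    if hsm.get("register-status", "disable") != "enable":
        findings.append("register-status: disable (FortiWeb not created as an HSM client)")
    return findings

# Constructed sample configuration (all values are illustrative).
SAMPLE = """\
config server-policy setting
  set high-compatibility-mode enable
  set hsm enable
end
config system hsm info
  set ip "192.0.2.10"
  set timeout 30
  set register-status disable
end
"""
```

Calling `check_hsm(SAMPLE)` returns a single finding for `register-status`; the omitted `port` line falls back to the documented default of 1792.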
