Secure password storage

Passwords, as well as the private keys used in certificates, are encrypted using a pre-defined private key when stored on the FortiAnalyzer, and encoded when displayed in the CLI and configuration file. This ensures that the password cannot be decrypted unless the private key is known, and the password is not displayed in clear text anywhere.

To enhance your password security, you should specify your own private key for the encryption process. This ensures that your key is unique and known only by you. The key is also required on other FortiAnalyzers to restore the system from a configuration file. In HA clusters, the same key should be used on all of the units.

To enable and enter your own private encryption key:

    config system global
        set private-data-encryption enable
    end
    Please type your private data encryption key (32 hexadecimal numbers):
    0123456789abcdef0123456789abcdef
    Please re-enter your private data encryption key (32 hexadecimal numbers) again:
    0123456789abcdef0123456789abcdef
    Your private data encryption key is accepted.

This is an example. Using 0123456789abcdef0123456789abcdef as your private key is not recommended.
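
One way to produce a key in the format the prompt above expects (32 hexadecimal digits, that is 128 bits) and to screen out keys like the documentation sample. This is an added example, not Fortinet code; the function names and the pattern thresholds are assumptions chosen for illustration.

```python
import secrets
import string

KEY_HEX_DIGITS = 32  # the CLI prompt asks for 32 hexadecimal numbers (128 bits)
DOC_EXAMPLE_KEY = "0123456789abcdef0123456789abcdef"  # sample key shown on this page


def key_problems(key):
    """Return the reasons a candidate key should be rejected (empty list = acceptable)."""
    k = key.strip().lower()
    problems = []
    if len(k) != KEY_HEX_DIGITS:
        problems.append(f"length is {len(k)}, expected {KEY_HEX_DIGITS}")
    if any(c not in string.hexdigits for c in k):
        problems.append("contains non-hexadecimal characters")
    if problems:
        return problems  # pattern checks below need a well-formed key
    if k == DOC_EXAMPLE_KEY:
        problems.append("matches the published documentation example")
    if len(set(k)) < 8:  # assumed threshold: a random key almost never has so few
        problems.append("uses fewer than 8 distinct digits")
    half = KEY_HEX_DIGITS // 2
    if k[:half] == k[half:]:
        problems.append("second half repeats the first half")
    # Differences between neighbouring digits, modulo 16: one value means a counting pattern.
    steps = {(int(b, 16) - int(a, 16)) % 16 for a, b in zip(k, k[1:])}
    if len(steps) == 1:
        problems.append("digits form a constant-step sequence")
    return problems


def generate_key():
    """Draw 128 bits from the OS CSPRNG and format them as 32 hex digits."""
    while True:
        key = secrets.token_hex(KEY_HEX_DIGITS // 2)
        if not key_problems(key):  # a rejection here is astronomically unlikely
            return key


if __name__ == "__main__":
    print(generate_key())
```

Keep the generated key in a password manager or vault: the same key has to be entered on every unit in an HA cluster and on any FortiAnalyzer that restores from the configuration file.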
