Enable vTPM
TPM should be enabled when you initially install FortiPAM. If you enable TPM after secrets have been configured on FortiPAM, secret credentials may be corrupted.
On FortiPAM-VM, TPM can only be enabled after enabling vTPM.
To enable vTPM on FortiPAM-VM:
- In the CLI console, enter the following commands:
config system global
set v-tpm enable
end
To enable TPM on FortiPAM-VM:
FortiPAM must be in maintenance mode to change TPM settings.
- In the CLI console, enter the following commands:
config sys maintenance
set mode enable
end
config system global
set private-data-encryption enable
end
Be carefull!!!This operation will refresh all ciphered data!
Backup the current configuration file at first!
Do you want to continue? (y/n)y
Please type your private data encryption key (32 hexadecimal numbers):
0123456789abcdef0123456789abcdef
Please re-enter your private data encryption key (32 hexadecimal numbers) again:
0123456789abcdef0123456789abcdef
Your private data encryption key is accepted.
The key must be the same for data restoration between source FortiPAM and destination FortiPAM.
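The key typed at the prompt should be random rather than the sample value shown in the transcript above. As an added example (not part of the Fortinet documentation), these POSIX shell functions, run on an admin workstation, generate a 32-hex-digit key, validate it, and save it without overwriting an earlier key, since the same key is needed on the destination FortiPAM for restoration. The function names and the file-based storage are assumptions.

```shell
#!/bin/sh
# Added example, not Fortinet code. Function names are hypothetical.

# Sample key shown in the documentation transcript; not for real use.
DOC_SAMPLE_KEY=0123456789abcdef0123456789abcdef

# Return 0 if $1 is usable: exactly 32 hex digits, not the documented
# sample key, and not one digit repeated 32 times.
valid_pde_key() {
    key=$1
    [ "${#key}" -eq 32 ] || return 1
    case $key in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    lower=$(printf '%s' "$key" | tr 'A-F' 'a-f')
    [ "$lower" != "$DOC_SAMPLE_KEY" ] || return 1
    first=$(printf '%s' "$lower" | cut -c1)
    rest=$(printf '%s' "$lower" | tr -d "$first")
    [ -n "$rest" ] || return 1
    return 0
}

# Print a fresh key: 16 bytes from the kernel CSPRNG as 32 hex digits.
gen_pde_key() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Generate a key and write it to file $1, readable by the owner only.
# Refuses to overwrite an existing file: the old key is still needed to
# restore any backup that was taken while it was in use.
new_pde_key_file() {
    out=$1
    [ ! -e "$out" ] || return 1
    key=$(gen_pde_key)
    valid_pde_key "$key" || return 1
    ( umask 077 && printf '%s\n' "$key" > "$out" )
}
```

Calling `new_pde_key_file` with a path creates the key file once; keep that file with the configuration backup's recovery material rather than alongside the backup itself.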
To disable TPM:
- In the CLI console, enter the following commands:
config sys maintenance
set mode enable
end
config system global
set private-data-encryption disable
end
Be carefull!!!This operation will refresh all ciphered data!
Backup the current configuration file at first!
Do you want to continue? (y/n)y
For FortiPAM-VM, vTPM should be disabled after disabling TPM.
To disable vTPM for FortiPAM-VM:
- In the CLI console, enter the following commands:
config system global
set v-tpm disable
end
This operation will stop using vTPM module
Do you want to continue? (y/n)y