You have three options for key encryption: 1. No encryption – keys copied over to the server via the file system are not encrypted, but are available for management via the Certificate Management Interface (CMI) described below. 2. Software encryption – keys imported via the CMI are automatically encrypted (PKCS8 format). 3. Hardware encryption – keys imported via a Hardware Security Module (HSM) are encrypted as per the module. While hardware encrypted keys are visible in the CMI, you cannot manage them via that interface.
Certificate Management Via the Certificate Management Interface (CMI) RSA Web Threat Detection SilverTap depends on access to web traffic in order to help detect and prevent fraud. Because most of this web traffic is encrypted, and SilverTap accesses web traffic before it is decrypted, each SilverTap installation requires access to the site’s digital certificates for decrypting in order to analyze the traffic. It is important that as much traffic as possible is decrypted so that Web Threat Detection products can be more effective by analyzing a more complete set of web transactions. The Certificate Management Interface (CMI) shows information for the digital certificates for your site. You can use it to ensure that as much of your site’s traffic is decrypted as possible. Using the CMI, you can add and delete certificates, see which certificates are expired or will be expiring soon, find out which certificates are missing, and export the information in comma separated value (CSV) format.