The passive-attack-protection-only keyring is generated when the appliance starts for the first time and not generally used in production. The keyring is tagged to a Device Profile called “passive-attack-protection-only” and is sometimes used for Secure ADN encryption with no endpoint authentication. This profile and the keyring cannot be removed or updated.

The only way to keep this keyring valid is to reset the appliance to factory defaults. This creates a new passive-attack-protection-only keyring with a validity of 2 years.