F5 | 758491

Bug ID 758491: When using NetHSM integration, after upgrade to 14.1.0 or later (or creating keys using fipskey.nethsm), BIG-IP cannot use the keys ... Last Modified: Apr 26, 2024 ... Conditions ... 1. Keys were created on earlier versions of BIG-IP software, no matter if using tmsh (Safenet) or using fipskey.nethsm (Thales, Safenet) and the device was upgraded to 14.1.0 or later. ... 2. Keys were created on BIG-IP v14.1.0 or later directly, using fipskey.nethsm (Thales). ... For Safenet, fipskey.nethsm was deprecated in 14.0.0. ... Workaround ... There are two workarounds: -- Re-create the keys using tmsh command. ... IMPORTANT: This workaround is suitable for deployments that are new and not in production. -- Re-import the keys from nethsm using: tmsh install sys crypto key <key_label> from-nethsm You can find the key_label here: -- The rightmost string in the output of the Thales command: nfkminfo -l -- The string after label= in the 'cmu list' command for Safenet. ... Fix Informa...