Operational Defect Database

BugZero found this defect 1488 days ago.

F5 | 842137

Keys cannot be created on module protected partitions when strict FIPS mode is set

Last update date:

4/26/2024

Affected products:

BIG-IP

BIG-IP LTM

Affected releases:

14.0.0

14.0.0.1

14.0.0.2

14.0.0.3

14.0.0.4

14.0.0.5

14.0.1

14.0.1.1

14.1.0

14.1.0.1

14.1.0.2

14.1.0.3

Fixed releases:

No fixed releases provided.

Description:

Bug ID 842137: Keys cannot be created on module protected partitions when strict FIPS mode is set ...

When the Hardware Security Module (HSM) FIPS mode is set to FIPS 140-2 Level 3 protection, new keys cannot be created in the module's protected partition. ...

-- FIPS 140-2 Level 3 protection is configured on a NetHSM partition.
-- You attempt to create a FIPS key using that partition. ...

Follow these steps to generate a new NetHSM key called 'workaround' and install it into the BIG-IP config:

1. ... Generate the key:

    [root@bigip1::Active:Standalone] config # fipskey.nethsm --genkey -o workaround -c module
    WARNING: fipskey.nethsm will soon be deprecated for use with Thales. ... Please switch to using tmsh commands instead. ...
    tmsh commands...
    Generate Key: tmsh create sys crypto key <key_name> security-type nethsm [gen-certificate|gen-csr] ... ...
    For an exhaustive list of options, please consult F5's tmsh documentation. ...


Status

New
