Forum Discussion
F5 and SafeNet HSM integration issue.
Tried to integrate our BIGIP F5 VE (version 13.1) with SafeNet HSM: we installed the compatible version HSM client on F5 and got the right F5 HSM license installed. The integration looks good. But when we try to generate a CSR,
(/Common)(tmos) create sys crypto key drtest gen-csr common-name drtest.nonprod.com.au key-size 2048 security-type nethsm
Key management library returned bad status: -18, A vendor error has occurred.
We see the error below in ltm log:
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error generating RSA key pair. FIPS 0xffffffff : Unknown
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error deleting RSA private key. FIPS 0xffffffff : Unknown
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error deleting RSA public key. FIPS 0xffffffff : Unknown
Any clue for the issue which we are experiencing? Thanks
- flypast Altostratus
Looks like not many people integrate F5 with HSM. :(
- Chris_Grant Employee
There are a couple of possible known issues that might be causing this. I would make sure you are running the latest release, and if this still continues to be a problem, I would open a case with support. Once they have identified the cause, they can either provide a workaround or request a hotfix to resolve.
Unfortunately, none of the issues I found had simple workarounds that I can just give you to try.
- flypast Altostratus
Hi Chris, just raised a support case with F5 technical support. Cheers
- RyLe Nimbostratus
Hey flypast,
Did you ever get a solution for this issue? I am having what looks like the same issue.
- Praveenn3 Nimbostratus
https://support.f5.com/csp/article/K05333904
bigstart restart restjavad httpd tomcat restnoded
bigstart restart pkcs11d
Try this to fix the issue.