Forum Discussion

flypast
Feb 19, 2018

F5 and SafeNet HSM integration issue.

Tried to integrate our BIGIP F5 VE (version 13.1) with SafeNet HSM: we installed the compatible version of the HSM client on F5 and got the right F5 HSM license installed. The integration looks good. But when we try to generate a CSR,

 

(/Common)(tmos) create sys crypto key drtest gen-csr common-name drtest.nonprod.com.au key-size 2048 security-type nethsm
Key management library returned bad status: -18, A vendor error has occurred.

 

we see the error below in ltm log:

 

Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error generating RSA key pair. FIPS 0xffffffff : Unknown
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error deleting RSA private key. FIPS 0xffffffff : Unknown
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error deleting RSA public key. FIPS 0xffffffff : Unknown

 

Any clue for the issue which we are experiencing? Thanks

 

  • Looks like not many people integrate F5 with HSM. :(

     

  • There are a couple of possible known issues that might be causing this. I would make sure you are running the latest release, and if this still continues to be a problem, I would open a case with support. Once they have identified the cause they can either provide a workaround or request a hotfix to resolve.

     

    Unfortunately none of the issues I found had simple workarounds that I can just give you to try.

     

  • Hi Chris, just raised a support case with F5 technical support. Cheers

     

  • RyLe

    Hey flypast,

     

    Did you ever get a solution for this issue? I am having what looks like the same issue.