F5 and SafeNet HSM integration issue.

Question

Tired to integrate our BIGIP F5 VE (version 13.1) with SafeNet HSM: we installed the compatible version HSM client on F5 and get the right F5 HSM license installed.The integration looks good. But when we try to generate a CSR, &nbsp;
(/Common)(tmos) create sys crypto key drtest gen-csr common-name drtest.nonprod.com.au key-size 2048 security-type nethsm Key management library returned bad status: -18, A vendor error has occurred.&nbsp;
we see the error below in ltm log:&nbsp;
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error generating RSA key pair. FIPS 0xffffffff : Unknown
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error deleting RSA private key. FIPS 0xffffffff : Unknown
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error deleting RSA public key. FIPS 0xffffffff : Unknown&nbsp;
Any clue for the issue which we are experiencing? Thanks&nbsp;

flypast · Answer

looks like not many people intergrate F5 with HSM. :(&nbsp;

chris_grant · Answer

There are a couple of possible known issues that might be causing this.  I would make sure you are running the latest release, and if this still continues to be a problem, I would open a case with support.  Once they have identified the cause they can either provide a work around or request a hotfix to resolve.&nbsp;
Unfortunately none of the issues I found had simple work arounds that I can just give you to try.&nbsp;

flypast · Answer

Hi Chris, just raised a support case with F5 technical support. Cheers&nbsp;

ryle · Answer

Hey flypast,&nbsp;Did you ever get a solution for this issue?  I am having what looks like the same issue.

praveenn3 · Answer

https://support.f5.com/csp/article/K05333904bigstart restart restjavad httpd tomcat restnodedbigstart restart pkcs11d&nbsp;Try this to fix the issue.&nbsp;

Forum Discussion

F5 and SafeNet HSM integration issue.

5 Replies

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

APM VPN LDAP POOL can't contact ldap server.

Cannot ping external interface

Disastser Recovery

F5 breaking Exchange authentication

Dump all host running services during APM logon

Related Content

Identity-centric F5 ADSP Integration Walkthrough

Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator

F5 BIG-IP AFM and FireMon Integration Guide

Access Troubleshooting: BIG-IP APM OIDC integration

F5 BIG-IP SSL Orchestrator and Reversing Labs Integration Guide

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS