Forum Discussion
Hannes_Rapp
Apr 01, 2015Nimbostratus
FIPS keys actually are meant to be exportable, and usable, but only on other F5 BigIP systems. In regards to your question, indeed, the FIPS keys were generated on HSM module and they are currently in use in clientssl and serverssl profiles. The method used for generating the keys which can't be exported was not any different. As said, the majority of FIPS keys are usable on other systems, but some FIPS files are either missing or corrupt, even after running the "fipskeys export". Thanks for your response.. so far it appears to be a F5 bug. The FIPS export feature is quite poorly developed on v10.x platform, a lot of FIPS issues are resolved in v11.x but one must try to get there first, without revoking the certificates :)