FIPS: Attempting to convert a v10 FIPs key to v11 via tmsh

Question

Im hoping anyone has experience out there to convert a FIPs key via tmsh.  The issues I am running into is the actual unique identifier.  &nbsp;
For example:&nbsp;
/config/filestore/files_d/Common_d/certificate_d/certname_12345_1.  "12345_1" being the unique identifier.  &nbsp;
Im trying to avoid converting the key via gui and looking for any option to run it on tmsh.&nbsp;
tia&nbsp;

r_marc · Answer

I've never run version 10 (started on 11.4) but the FIPs stuff, from my experience, is not driven by TMSH, but rather the underlying hardware's firmware and API. The key material is not in a file, though there's a key pointer (I'm assuming they use an openssl engine, but that's just speculation). The Cert, however, isn't stored in hardware so is just like any non-fips key (a PEM encoded key) I've had no issue with keys from version 11.4 to 12.0 (I've had FIPs issues, don't get me wrong..but it's had more to do with the peculiarities of the firmware on the HSM, not with TMSH...specifically around key name length).

Forum Discussion

FIPS: Attempting to convert a v10 FIPs key to v11 via tmsh

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

error code 503 redirect irule

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

OWA File Upload URIs for WAF Bypass

F5 AWAF/ASM learning only from Trusted traffic?

F5OS VLAN naming length restrictions

Related Content

Breaking Down the Quantum Challenge: TLS Cipher Suite Vulnerabilities and FIPS Post-Quantum Standards Explained

Attempting the new path to BIG-IP Certified Administrator

NGINX Plus R35 for Federal Environments: FIPS-Compliant algorithms with ACME Certificates in AWS

Detect and stop exfiltration attempts with F5 Distributed Cloud App Infrastructure Protection

Alteon Config Converter

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS