FIPS card status

Question

Hello.&nbsp;
I'm wondering if there is any way to see, whether or not the FIPS card is operational via iControl REST API.&nbsp;
If REST API doesn't provide that information, I'm interested if it can be obtain by any other means (for example, SNMP).&nbsp;
I also found this thread (https://devcentral.f5.com/questions/fips-card-how-to-tell-if-it-has-been-initialised) where the fipsutil command is mentioned. Does anyone know which error code is returned if FIPS card is not initialized and if it is initialized (I suspect this should be error code 0)?&nbsp;
Thank you.&nbsp;

jaikumar_f5 · Answer

If its a Non FIPS box,
fipsutil info
No supported FIPS device found

If its a FIPS box,
fipsutil info
Label:             F5FIPS
HSM Serial Number: xxxxxxx

If the box is already FIPS initialized,
fipsutil init
HSM already initialized

If the box is NOT FIPS initialized, running the below command would start initializing, followed by asking the SO/DO pwds.
fipsutil init
NFB Initialization Process

WARNING - all private keys in NFB will be erased after SO password is entered!
Any configuration objects dependent on FIPS keys will cause the configuration fail to load.
Passwords must be at least 7 characters in length.
Enter no password if you instead wish to cancel.

New SO Password:
Re-enter new SO Password:

Forum Discussion

FIPS card status

Recent Discussions

VS FORWARDING & ROUTE

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

Related Content

OWASP Automated Threats - OAT-001 Carding

FIPS license and fipsutil info

Credit Card Scrubber

Check a Virtual Server's SSL Status

Configuring Smart Card Authentication to BIG-IP Management Interface

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS