Thales integration

Question

I'm trying to understand how F5 uses the Thales HSM. It would appear to me that the F5 &nbsp;
(a) generates a key pair without using the HSM, storing locally (b) imports the private key only into the Thales HSM Security World&nbsp;
Given this understanding, I'm trying to understand the benefit derived from using the Thales HSM?&nbsp;
(a) The HSM hardware isn't being used for random number generation! (b) The private key exists out with the HSM Security World!&nbsp;
Seems less than ideal to me? or am I missing something?&nbsp;

kevin_stewart · Answer

An incorrect assumption.&nbsp;
The integration allows the BIG-IP to access key functions of the Thales, so key generation is actually happening on the Thales itself, and the "key" in the BIG-IP keystore is simply a pointer to the Thales protected key. Here's more information:&nbsp;
https://support.f5.com/content/kb/en-us/products/big-ip_ltm/manuals/product/bigip-fips-thales-12-0-0/_jcr_content/pdfAttach/download/file.res/BIG-IP_System_and_Thales_HSM__Implementation.pdf&nbsp;

Forum Discussion

Thales integration

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

UCS Encryption Question

Unblock Request WAF

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

Related Content

Identity-centric F5 ADSP Integration Walkthrough

Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator

F5 BIG-IP SSL Orchestrator and ReversingLabs Integration Guide

F5 Distributed Cloud Kubernetes Integration: Securing Services with Direct Pod Connectivity

Integrating the F5 BIGIP with Azure Sentinel

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS