For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Using AWS CloudHSM with F5 BIG-IP

A hardware security module (HSM) is a computing device that processes cryptographic operations and provides secure storage for cryptographic keys. HSM devices are sold by many vendors for installatio...
Published Jul 22, 2025
Version 1.0
aws
cloud
hsm
ezizzi's avatar
ezizzi
Icon for Nimbostratus rankNimbostratus
Aug 05, 2025

On the older version of the HSM client which is not required any longer, we could login to the HSM as CO/CU to manage and remove certs, does the new SDK enable F5 interaction for the certs where delete will actually remove them? If not, without a client, how can we clean/validate existing certs on CloudHSM?

  • Doug_Gallarda's avatar
    Doug_Gallarda
    Icon for Employee rankEmployee
    Aug 05, 2025

    Yes, there is a CLI for CloudHSM SDK 5 and it does run on BIG-IP. Here's how you install it:

    curl -O https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-cli-latest.el7.x86_64.rpm
rpm -ivh cloudhsm-cli-latest.el7.x86_64.rpm
/opt/cloudhsm/bin/configure-cli -a <IP address of HSM>

    Docs for the CloudHSM CLI