19-Feb-2018 14:22
Tired to integrate our BIGIP F5 VE (version 13.1) with SafeNet HSM: we installed the compatible version HSM client on F5 and get the right F5 HSM license installed.The integration looks good. But when we try to generate a CSR,
(/Common)(tmos) create sys crypto key drtest gen-csr common-name drtest.nonprod.com.au key-size 2048 security-type nethsm Key management library returned bad status: -18, A vendor error has occurred.
we see the error below in ltm log:
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result]. Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error generating RSA key pair. FIPS 0xffffffff : Unknown Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result]. Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error deleting RSA private key. FIPS 0xffffffff : Unknown Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result]. Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error deleting RSA public key. FIPS 0xffffffff : Unknown
Any clue for the issue which we are experiencing? Thanks
24-Feb-2018 15:58
There are a couple of possible known issues that might be causing this. I would make sure you are running the latest release, and if this still continues to be a problem, I would open a case with support. Once they have identified the cause they can either provide a work around or request a hotfix to resolve.
Unfortunately none of the issues I found had simple work arounds that I can just give you to try.
20-Sep-2022 08:34
https://support.f5.com/csp/article/K05333904
bigstart restart restjavad httpd tomcat restnoded
bigstart restart pkcs11d
Try this to fix the issue.