Tired to integrate our BIGIP F5 VE (version 13.1) with SafeNet HSM: we installed the compatible version HSM client on F5 and get the right F5 HSM license installed.The integration looks good. But when we try to generate a CSR,
(/Common)(tmos) create sys crypto key drtest gen-csr common-name drtest.nonprod.com.au key-size 2048 security-type nethsm Key management library returned bad status: -18, A vendor error has occurred.
we see the error below in ltm log:
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error generating RSA key pair. FIPS 0xffffffff : Unknown
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error deleting RSA private key. FIPS 0xffffffff : Unknown
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error deleting RSA public key. FIPS 0xffffffff : Unknown
Any clue for the issue which we are experiencing? Thanks
There are a couple of possible known issues that might be causing this. I would make sure you are running the latest release, and if this still continues to be a problem, I would open a case with support. Once they have identified the cause they can either provide a work around or request a hotfix to resolve.
Unfortunately none of the issues I found had simple work arounds that I can just give you to try.
