F5 and SafeNet HSM integration issue.

Question

Tired to integrate our BIGIP F5 VE (version 13.1) with SafeNet HSM: we installed the compatible version HSM client on F5 and get the right F5 HSM license installed.The integration looks good. But when we try to generate a CSR, &nbsp;
(/Common)(tmos) create sys crypto key drtest gen-csr common-name drtest.nonprod.com.au key-size 2048 security-type nethsm Key management library returned bad status: -18, A vendor error has occurred.&nbsp;
we see the error below in ltm log:&nbsp;
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error generating RSA key pair. FIPS 0xffffffff : Unknown
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error deleting RSA private key. FIPS 0xffffffff : Unknown
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: 01960003:3: netHSM: Shared memory error [Failed to fetch result].
Feb 20 10:11:59 npr-lb01-bigip1 err tmsh[29979]: error: fips-codec3 Error deleting RSA public key. FIPS 0xffffffff : Unknown&nbsp;
Any clue for the issue which we are experiencing? Thanks&nbsp;

flypast · Answer

looks like not many people intergrate F5 with HSM. :(&nbsp;

chris_grant · Answer

There are a couple of possible known issues that might be causing this.  I would make sure you are running the latest release, and if this still continues to be a problem, I would open a case with support.  Once they have identified the cause they can either provide a work around or request a hotfix to resolve.&nbsp;
Unfortunately none of the issues I found had simple work arounds that I can just give you to try.&nbsp;

flypast · Answer

Hi Chris, just raised a support case with F5 technical support. Cheers&nbsp;

ryle · Answer

Hey flypast,&nbsp;Did you ever get a solution for this issue?  I am having what looks like the same issue.

praveenn3 · Answer

https://support.f5.com/csp/article/K05333904bigstart restart restjavad httpd tomcat restnodedbigstart restart pkcs11d&nbsp;Try this to fix the issue.&nbsp;

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

F5 and SafeNet HSM integration issue.

5 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

Identity-centric F5 ADSP Integration Walkthrough

Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator

F5 BIG-IP SSL Orchestrator and ReversingLabs Integration Guide

F5 Distributed Cloud Kubernetes Integration: Securing Services with Direct Pod Connectivity

Access Troubleshooting: BIG-IP APM OIDC integration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS