Failure in Exporting FIPS Private Keys
I'm attempting to export a FIPS private key but an error is returned. Apparently something is wrong with the file name. Are there any workarounds to have the FIPS private key (.exp) file exported? The majority of the FIPS private keys can be exported without any problems, some of the FIPS keys fail to export. F5 version: 10.2.4 Fips: 140 [root@bigip1:Active] site-packages fipskey export SDPO_qa.asd.asd.com.key f5km_export: error 17 - Invalid filename. Filenames may only contain the following characters: [A-Za-z][0-9].-_/ Support case with F5 opened. Hopyefully we can resolve the issue. Meanwhile if someone has had any experience with similar issues, feel free to recommend your solutions 😉Migrating FIPS private keys from 10.2.4 to 11.5.1
Are there any known methods to successfully install the FIPS keys (as exported from v10.2.4) to v11.5.1? The hardware platform remains the same. Error received: root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos) install sys crypto key TEST from-local-file TEST.exp security-type fips Key management library returned bad status: -18, ERR_ARGUMENTS_BAD The error I'm receiving in v11.5.1 is the same regardless if an installation/import attempt is made via GUI or TMSH (CLI). The same (TEST.exp) file imports to another v10.2.4 installation without any problems. 1) Fips module is successfully initialized on v11.5.1 2) HW Platform: 8900 3) Fips: 140 [root@bigip1:Active:Standalone] ssl.cavfips fipsutil info Label: F5FIPS HSM Serial Number: 8100959 Hardware ID: 0x0 Firmware Version: 4.7.1 Total FLASH: 14286412 Free FLASH: 14285172 Total SRAM: 16984948 Free SRAM: 16981876SafeNet vs Thales (FIPS) with F5 Advice?
Doesanybody have any advice or pros and cons of Thales vs. Safenet? I know both are good but have a customer that is looking to decide between the two. Any advice on which should be used or certain environments, what should be the determining factor, etc... would be most helpful. Again, I know both are good products that F5 partners with but looking for scenarios on when to use one vs the other. Thanks