fips
3 Topics

Moving FIPS keys from 8900 to 10200
Hello,

According to DOC, it seems likely FIPS-2 keys sync is not possible between 8900 and 10200 due to FIPS hardware difference (no exact platform mention, but it's close enough): https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-platform-fips-administration.pdf?sr=32944290

Important: Because of hardware differences, it is not possible to synchronize security domains between the newer platforms (10000/11000/11050 platforms) and older platforms (6900/8900 platforms).

Q: Assuming identical software version and security world configuration - is there an alternate way to move FIPS keys from 8900 to 10200?

Regards,

323 Views, 0 likes, 1 Comment

Unable to import SSL Keys in FIPS
Hi F5 Community!

I have to upgrade the hardware of an LTM cluster. FIPS is enabled on these platforms. I have activated FIPS on the new cluster. When I try to import SSL keys on the new BIG-IP from the old cluster, every key in FIPS mode cannot be imported on the new appliance. I'm getting the following message in the GUI and in SSH:

Dec 7 12:29:22 Fips-1 err mcpd[7623]: 010713e4:3: FIPS subsystem reported error while attempting file object operation: import_key_file: failed to open key file(s) /config/ssl/ssl.cavfips/.exp, /config/ssl/ssl.cavfips/.exp, /config/ssl/ssl.cavfips/.key.exp.
Dec 7 12:29:22 Fips-1 err mcpd[7623]: 01070712:3: Caught configuration exception (0), unable to import key (/Common/****.key) in FIPS card.

Did you meet this type of error? And if yes, what is the workaround?

Thanks for your help

B.

230 Views, 0 likes, 0 Comments

FIP- HSM
I am trying to validate the F5 FIPS models at http://csrc.nist.gov/cryptval/140-1/1401val.htm for a STIG test. But the list does not have F5 Networks that I can find; is the HSM vendor listed? If so, what is the actual device installed in the F5 so I can reference that certification letter?

198 Views, 0 likes, 1 Comment