safenet
4 TopicsF5 and SafeNet HSM integration
As f5 doc suggest we can use fipskey.nethsm to create key/CSR/certificate as below: Generating a key/certificate using the fipskey.nethsm utilityBefore you generate a key/certificate, make sure that the SafeNet Luna SA client is running on the BIG-IP® system.You can use the fipskey.nethsm utility to generate private keys and self-signed certificates on the BIG-IP system.Display the available options.fipskey.nethsm --helpGenerate the key, using any options you need.fipskey.nethsm --genkey -o This example generates the three files that follow: fipskey.nethsm --genkey -o siterequest /config/ssl/ssl.key/siterequest.key /config/ssl/ssl.csr/siterequest.csr /config/ssl/ssl.crt/siterequest.crt The key is saved in /config/ssl/ssl.key/.key. The certificate request is saved in /config/ssl/ssl.csr/.csr. The self-signed certificate is saved in /config/ssl/ssl.crt/.crt. After you generate keys and certificates, you need to add the local key to the BIG-IP configuration using tmsh. The local key points to the HSM key, which resides in the HSM. I am a bit of confused with the above. My question is: is "siterequest.key" local key which is used by F5 LTM to access the real private key stored on HSM.308Views1like0Comments