Manual Chapter : FIPS/HSM Common Elements

Applies To:

Show Versions Show Versions

BIG-IP DNS

  • 15.0.0

BIG-IP AFM

  • 15.0.0

BIG-IP ASM

  • 15.0.0

BIG-IP AAM

  • 15.0.0

BIG-IP APM

  • 15.0.0

BIG-IP LTM

  • 15.0.0
Manual Chapter

FIPS/HSM Common Elements

You can use the Traffic Management Shell (
tmsh
) to import existing certificates into the system.
  1. Log in to the command-line interface of the system using an account with administrator privileges.
  2. Log in to the command-line interface of the BIG-IP system using an account with administrator privileges.
  3. Set the external HSM to Thales nShield Connect.
    fipskey.nethsm --hsm=Thales
  4. Add the certificate.
    install sys crypto cert
    <cert_object_name>
    from-local-file
    <path_to_cert_file>
    This example loads the certificate named
    my_key.crt
    from a local certificate file stored in the
    /config/ssl/ssl.crt/
    directory:
    install sys crypto cert my_key.crt from-local-file /config/ssl/ssl.crt/my_key.crt
  5. Load the key.
    install sys crypto key <
    key_object_name
    > from-local-file <
    keyname
    >
    This example loads the external HSM key named
    my_key.key
    from a local key file stored in the
    /config/ssl/ssl.key/
    directory:
    install sys crypto key my_key.key from-local-file /config/ssl/ssl.key/my_key.key
After you generate a key and certificates, you need to load the local key into the BIG-IP configuration using
tmsh
.