Manual Chapter: FIPS/HSM Common Elements
Applies To:
BIG-IP AAM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP APM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP LTM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP AFM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP DNS
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP ASM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
FIPS/HSM Common Elements
You can use the Traffic Management Shell (tmsh) to import existing certificates into the system.
- Log in to the command-line interface of the BIG-IP system using an account with administrator privileges.
- Set the external HSM to Thales nShield Connect.
  fipskey.nethsm --hsm=Thales
- Add the certificate.
  install sys crypto cert <cert_object_name> from-local-file <path_to_cert_file>
  This example loads the certificate named my_key.crt from a local certificate file stored in the /config/ssl/ssl.crt/ directory:
  install sys crypto cert my_key.crt from-local-file /config/ssl/ssl.crt/my_key.crt
- Load the key.
  install sys crypto key <key_object_name> from-local-file <keyname>
  This example loads the external HSM key named my_key.key from a local key file stored in the /config/ssl/ssl.key/ directory:
  install sys crypto key my_key.key from-local-file /config/ssl/ssl.key/my_key.key
After you generate a key and certificates, you need to load the local key into the BIG-IP configuration using tmsh.