F5 Logo MyF5
Search
  1. MyF5 Home
  2. Platform Guide: VELOS CX Series
  3. Remove sensitive data from an embedded hardware security module (HSM) on BIG-IP systems
Manual Chapter : Remove sensitive data from an embedded hardware security module (HSM) on BIG-IP systems

Applies To:

Show Versions Show Versions
Manual Chapter

Remove sensitive data from an embedded hardware security module (HSM) on BIG-IP systems

If your BIG-IP system includes an embedded hardware security module (HSM), also referred to as a FIPS card, you can remove the sensitive customer data from HSM before returning it to F5.
The HSM cannot be removed from the platform.
  1. Log in to the command line of the system using an account with root access.
  2. Delete all key/certificate pairs.
    tmsh sys crypto cert delete all
    This removes all
    .crt
    ,
    .exp
    , and
    .key
     files from the system.
  3. Initialize the HSM and reconfigure it using fictitious data.
    run util fips-util -f init
    The
    -f
     option forces initialization, which deletes all user-generated keys.
    For more information on using this command on a FIPS platform, see
    BIG-IP Platform: FIPS Administration
    .
    This deletes all keys and makes any previously exported keys unusable.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information