Manual Chapter: Remove sensitive data from an embedded hardware security module (HSM) on BIG-IP systems
If your BIG-IP system includes an embedded hardware security module (HSM), also referred to as a FIPS card, you can remove the sensitive customer data from the HSM before returning it to F5. The HSM cannot be removed from the platform.
- Log in to the command line of the system using an account with root access.
- Delete all key/certificate pairs.

  `tmsh sys crypto cert delete all`

  This removes all `.crt`, `.exp`, and `.key` files from the system.
- Initialize the HSM and reconfigure it using fictitious data.

  `run util fips-util -f init`

  The `-f` option forces initialization, which deletes all user-generated keys. For more information on using this command on a FIPS platform, see BIG-IP Platform: FIPS Administration.

  This deletes all keys and makes any previously exported keys unusable.