My Support
  1. AskF5 Home
  2. Knowledge Center
  3. Platform Guide: i2000/i4000 Series
  4. Remove sensitive data from an embedded hardware security module (HSM) on BIG-IP systems
Manual Chapter : Remove sensitive data from an embedded hardware security module (HSM) on BIG-IP systems

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 15.1.2, 15.1.1, 15.0.1, 15.0.0, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3

BIG-IP APM

  • 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3

BIG-IP Analytics

  • 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3

BIG-IP LTM

  • 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3

BIG-IP AFM

  • 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3

BIG-IP PEM

  • 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3

BIG-IP DNS

  • 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3

BIG-IP ASM

  • 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
Manual Chapter

Remove sensitive data from an embedded hardware security module (HSM) on BIG-IP systems

If your BIG-IP system includes an embedded hardware security module (HSM), also referred to as a FIPS card, you can remove the sensitive customer data from HSM before returning it to F5.
The HSM cannot be removed from the platform.
  1. Log in to the command line of the system using an account with root access.
  2. Delete all key/certificate pairs.
    tmsh sys crypto cert delete all
    This removes all
    .crt
    ,
    .exp
    , and
    .key
     files from the system.
  3. Initialize the HSM and reconfigure it using fictitious data.
    run util fips-util -f init
    The
    -f
     option forces initialization, which deletes all user-generated keys.
    For more information on using this command on a FIPS platform, see
    BIG-IP Platform: FIPS Administration
    .
    This deletes all keys and makes any previously exported keys unusable.

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks

©2021 F5, Inc. All rights reserved.

Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information