Manual Chapter :
Remove
sensitive data from an embedded hardware security module (HSM)
Applies To:
Show Versions
BIG-IP AAM
- 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
BIG-IP APM
- 16.0.0, 15.1.0, 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
BIG-IP Analytics
- 16.0.0, 15.1.0, 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
BIG-IP LTM
- 16.0.0, 15.1.0, 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
BIG-IP AFM
- 16.0.0, 15.1.0, 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
BIG-IP PEM
- 16.0.0, 15.1.0, 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
BIG-IP DNS
- 16.0.0, 15.1.0, 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
BIG-IP ASM
- 16.0.0, 15.1.0, 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
Remove
sensitive data from an embedded hardware security module (HSM)
If the system includes an embedded
hardware security module (HSM), also referred to as a FIPS card, you can
remove the sensitive customer data from HSM before returning it to F5.
The HSM cannot be removed from the platform.
- Log in to the command line of the system using an account with root access.
- Delete all key/certificate pairs.tmsh sys crypto cert delete allThis removes all.crt,.exp, and.keyfiles from the system.
- Initialize the HSM and reconfigure it using fictitious data.run util fips-util -f initThe-foption forces initialization, which deletes all user-generated keys.For more information on using this command on a FIPS platform, seeBIG-IP® Platform: FIPS Administration.This deletes all keys and makes any previously exported keys unusable.
