Manual Chapter : Additional Information

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP APM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP GTM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP LTM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP AFM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP ASM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Manual Chapter

Upgrading the BIG-IP software when using the SafeNet Luna HSM

After a BIG-IP® system software or hotfix upgrade, you must run the SafeNet Luna SA client setup script to restore your default SafeNet configuration. Any local keys and certificates you added to the BIG-IP system configuration before upgrading (using the command tmsh install sys crypto) appear in the upgrade partition, but they are usable only after you run the SafeNet Luna SA client setup script. Keys, certificates, and CSRs created using tmsh are already part of the BIG-IP system configuration, and can be used after running the SafeNet script. If you are restoring the Luna SA client on a VIPRION® system, you run the script only on the primary blade, and then the system propagates the configuration to the additional active blades.

Note: If you will need keys, certificates, or CSRs that were not added to the BIG-IP system configuration, before you upgrade, copy the files into the /shared directory. After the upgrade, copy them back to their appropriate directories in the new partition: /config/ssl/ssl.key/, /config/ssl/ssl.crt, or /config/ssl/ssl.csr.
  1. Log in to the command-line interface of the BIG-IP system using an account with administrator privileges.
  2. Reinstall the Luna SA client on the BIG-IP system, using the parameters you used when you initially installed and registered it.
    nethsm-safenet-install.sh

Uninstalling SafeNet Luna SA components from the BIG-IP system

If you no longer need to use the SafeNet Luna SA HSM on a BIG-IP® system, you should uninstall the files.
  1. Log in to the command-line interface of the system using an account with administrator privileges.
  2. Uninstall the SafeNet client software and clean up SafeNet directories.
    nethsm-safenet-install.sh -u [-v]

nethsm-safenet-install.sh utility options

The nethsm-safenet-install.sh utility includes these options:

Option Description
-f Force reinstall when a connection with the HSM already exists.
-h Display help
-u Uninstall the SafeNet client software and clean up SafeNet directories
-v Verbose output
--hsm_ip_addr=<ip_addr> SafeNet Luna SA HSM IP address(s). For multiple HSMs, use a double-quoted value with space-separated IP addresses.
--hsm_partition_pwd=<password> SafeNet Luna SA HSM user name. Default is admin.
--hsm_username=<user_name> SafeNet Luna SA HSM user name. Default is admin. For multiple HSMs with different user names, use a double-quoted value with space-separated user names in the same order as the corresponding HSM IP address list.
--hsm_ha_group=<group name> Name for the SafeNet HSM HA group, when you are using multiple HSMs in an HA configuration. All HSMs in the HA group must use the same partition password.
--interface=<interface_name> BIG-IP system interface used to communicate with the SafeNet Luna SA HSM. Default is the management interface.
--ip_addr=<client_ip_addr> IP address of the BIG-IP system, as seen by the SafeNet Luna SA HSM
--image=<image_name> SafeNet Luna SA tarball to be installed (for example, Luna_5.2_Client_Software.tar). This file must be stored on the BIG-IP system in /shared/safenet_install.