Manual :
BIG-IP System and Thales HSM: Implementations
Applies To:
Show VersionsBIG-IP AAM
- 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP APM
- 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP GTM
- 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP LTM
- 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP AFM
- 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP ASM
- 11.6.4, 11.6.3, 11.6.2, 11.6.1
Original Publication Date: 02/20/2015
- Legal Notices and Acknowledgments
-
Setting Up the Thales HSM
- Overview: Setting up the Thales HSM
- Prerequisites for setting up Thales nShield Connect with BIG-IP systems
-
Task summary
- Installing Thales nShield Connect components on the BIG-IP system
- Setting up the RFS on the BIG-IP system (optional)
- Setting up the Thales nShield Connect client on the BIG-IP system
- Setting up the Thales nShield Connect client on a newly added or activated blade
- Configuring the Thales nShield Connect client for multiple HSMs in an HA group
-
Managing External HSM Keys for LTM
- Overview: Managing external HSM keys for LTM
-
Task summary
- Configuring the key protection type
- Generating a token-, module-, or softcard-protected key/certificate using Thales nShield Connect
- Configuring hardware-protected HSM keys using tmsh
- Adding certificates using tmsh
- Creating a client SSL profile to use an external HSM key and certificate
- Migrating existing software-protected or unprotected keys to the Thales HSM
- Importing existing SSL keys into Thales nShield device for use by the BIG-IP system
- Generating External HSM Key/Cert Pairs for DNSSEC
- Additional Information