Forum Discussion

zans_365404
Sep 07, 2018

FIPS card status

Hello.

 

I'm wondering if there is any way to see whether or not the FIPS card is operational via the iControl REST API.

If the REST API doesn't provide that information, I'm interested in whether it can be obtained by any other means (for example, SNMP).

I also found this thread (https://devcentral.f5.com/questions/fips-card-how-to-tell-if-it-has-been-initialised) where the fipsutil command is mentioned. Does anyone know which error code is returned if the FIPS card is not initialized and if it is initialized (I suspect this should be error code 0)?

 

Thank you.

 

1 Reply

  • If it's a non-FIPS box,

    fipsutil info

    No supported FIPS device found
    

    If it's a FIPS box,

    fipsutil info

    Label:             F5FIPS
    HSM Serial Number: xxxxxxx   
    

    If the box is already FIPS initialized,

    fipsutil init

    HSM already initialized
    

    If the box is NOT FIPS initialized, running the command below would start the initialization, which then asks for the SO/DO passwords.

    fipsutil init

    NFB Initialization Process
    
    WARNING - all private keys in NFB will be erased after SO password is entered!
    Any configuration objects dependent on FIPS keys will cause the configuration fail to load.
    Passwords must be at least 7 characters in length.
    Enter no password if you instead wish to cancel.
    
    New SO Password:
    Re-enter new SO Password:
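
The reply gives the messages fipsutil prints but not its exit codes, so a monitoring script can match on those messages instead. The following is an added example, not part of the original posts or of F5's tooling; the function names and state keywords are hypothetical, and the sample inputs are the outputs quoted in the reply.

```shell
#!/bin/sh
# Added example: classify captured fipsutil output by the message strings
# quoted in the reply above. Exit codes are not given on this page, so the
# text is matched instead. Function names and keywords are hypothetical.

# Reads fipsutil output on stdin and prints one state keyword.
classify_fips_output() {
    _fips_text=$(cat)
    case "$_fips_text" in
        *"No supported FIPS device found"*)
            echo "no-fips-device" ;;
        *"HSM already initialized"*)
            echo "initialized" ;;
        *"Initialization Process"*|*"New SO Password:"*)
            echo "not-initialized" ;;
        *"HSM Serial Number:"*)
            echo "fips-device-present" ;;
        *)
            echo "unknown" ;;
    esac
}

# Runs "fipsutil info" and classifies what it prints.
# "fipsutil init" is deliberately not run here: on an uninitialized card
# it starts the initialization dialogue shown in the reply, which warns
# that all private keys are erased once the SO password is entered.
check_fips_device() {
    if ! command -v fipsutil >/dev/null 2>&1; then
        echo "fipsutil-not-installed"
        return 2
    fi
    fipsutil info 2>&1 | classify_fips_output
}

# Constructed samples, copied from the outputs quoted in the reply.
printf 'No supported FIPS device found\n' | classify_fips_output
printf 'Label:             F5FIPS\nHSM Serial Number: xxxxxxx\n' | classify_fips_output
printf 'HSM already initialized\n' | classify_fips_output
```

`check_fips_device` only reports whether a card is present; the initialized and not-initialized keywords apply to output already captured from `fipsutil init`, for example in a change log or console transcript.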