Forum Discussion

Anesh
Nov 22, 2014

After upgrade from 10.4.x to 11.4.X FIPS keys not loading

After upgrade from 10.4.x to 11.4.X FIPS keys are not loading. Below is the error I get:

/usr/libexec/bigpipe daol
Reading configuration from /config/bigpipe/low_profile_base.conf.
Reading configuration from /config/bigpipe/config_base.conf.
Reading configuration from /config/bigpipe/bigip_sys.conf.
Reading configuration from /config/bigpipe/bigip_base.conf.
Reading configuration from /config/bigpipe/base_monitors.conf.
Reading configuration from /config/bigpipe/profile_base.conf.
Reading configuration from /config/bigpipe/daemon.conf.
Reading configuration from /config/bigpipe/bigip.conf.
Reading configuration from /config/bigpipe/bigip_local.conf.
Loading the configuration ...
BIGpipe unknown operation error:
01070712:3: validate_file_contents:(/Common/keyname.key) : unable to import key (/Common/keyname.key) in FIPS card - sys/validation/FileObject.cpp, line 4999

9 Replies

  • Is there any error when running fips-util -v labelcheck?

    root@(B6900-R69-S7)(cfg-sync Standalone)(Active)(/Common)(tmos) run util fips-util -v labelcheck
    root@(B6900-R69-S7)(cfg-sync Standalone)(Active)(/Common)(tmos)
    
  • Anesh

    Sorry, the box is currently off the network and I have no access to it. Can you tell me what the above command checks, and if I do get an error by running the above command, what should be the expected action I should take?

  • can you tell me what the above command checks and if I do get an error by running the above command what should be the expected action I should take?

    If FIPS is initialized and the security domain is configured, the command will return nothing. I do not have a list of errors, but I hope it would give more of a clue.

  • Do I have to re-initialize FIPS, then rename the keys to less than 32 characters and convert the keys to FIPS again?

    I understand only installing the exp key (tmsh install sys crypto key), because FIPS should be initialized already.

  • Anesh

    I ran the command run util fips-util -v labelcheck but it gives me no error.

  • Anesh
    Nov 23 02:43:19  notice mcpd[14531]: 01071038:5: Unit key hash from key header: 
    Nov 23 02:43:20  notice mcpd[14531]: 01071038:5: Unit key hash computed from read key:
    Nov 23 02:43:20  notice mcpd[14531]: 01071038:5: Unit key read from the hardware.
    Nov 23 02:43:31  err mcpd[14531]: 010713e4:3: FIPS subsystem reported error while attempting file object operation: FipsMgr::get_handle_from_modulus error unable to obtain handle. Modulus(modulus values...), FIPS:APPLICATION ERROR.
    Nov 23 02:43:31  err mcpd[14531]: 010713e4:3: FIPS subsystem reported error while attempting file object operation: import_key_file: failed to open key file /config/ssl/ssl.cavfips/:Common:.exp.
    Nov 23 02:43:31  err mcpd[14531]: 010713e4:3: FIPS subsystem reported error while attempting file object operation: delete_duplicate_labels: couldn't find key label for handle (259), (null).
    Nov 23 02:43:31  err mcpd[14531]: 010713e4:3: FIPS subsystem reported error while attempting file object operation: FipsMgr::get_handle_from_modulus error unable to obtain handle. Modulus(modules values..), FIPS:APPLICATION ERROR.
    Nov 23 02:43:31  err mcpd[14531]: 01070712:3: Caught configuration exception (0), validate_file_contents:(/Common/.key) : unable to import key (/Common/.key) in FIPS card - sys/validation/FileObject.cpp, line 4999.
    
  • Nov 23 02:43:31 err mcpd[14531]: 010713e4:3: FIPS subsystem reported error while attempting file object operation: import_key_file: failed to open key file /config/ssl/ssl.cavfips/:Common:.exp.

    Does the exp file exist?

  • Anesh

    By removing the stale key (not associated with any profile), the configuration was able to load.
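The resolution above was to find a key that no SSL profile referenced and remove it. The following is an added example, not code from the thread or from F5: it pulls the failing key name out of mcpd log lines shaped like the ones posted, and cross-checks it against a simplified tmsh-style config to tell whether the key is stale (defined but used by no client-ssl or server-ssl profile) or still in use. The config and log samples are constructed; the object names, checksums and the "stale.key" name are invented, and the config grammar is reduced to the `sys file ssl-key` and `ltm profile client-ssl`/`server-ssl` stanzas with a single `key` attribute, which is an assumption about the file layout rather than a full bigip.conf parser.

```python
import re
from typing import Dict, List, Set

# Constructed sample config in simplified tmsh (bigip.conf) syntax.
# Object names and checksums are invented for this example.
SAMPLE_CONFIG = """\
sys file ssl-key /Common/web.key {
    checksum SHA1:1234:placeholder
}
sys file ssl-key /Common/stale.key {
    checksum SHA1:1234:placeholder
}
sys file ssl-cert /Common/web.crt {
    checksum SHA1:1234:placeholder
}
ltm profile client-ssl /Common/web_ssl {
    cert /Common/web.crt
    defaults-from /Common/clientssl
    key /Common/web.key
}
ltm profile server-ssl /Common/backend_ssl {
    defaults-from /Common/serverssl
}
"""

# Constructed mcpd log lines modelled on the ones posted in the thread,
# with an invented key name filled in where the post shows a blank.
SAMPLE_LOG = [
    "Nov 23 02:43:31  err mcpd[14531]: 010713e4:3: FIPS subsystem reported error "
    "while attempting file object operation: import_key_file: failed to open key "
    "file /config/ssl/ssl.cavfips/:Common:stale.exp.",
    "Nov 23 02:43:31  err mcpd[14531]: 01070712:3: Caught configuration exception "
    "(0), validate_file_contents:(/Common/stale.key) : unable to import key "
    "(/Common/stale.key) in FIPS card - sys/validation/FileObject.cpp, line 4999.",
]

KEY_DEF_RE = re.compile(r"^sys file ssl-key (\S+) \{", re.M)
# A profile stanza runs from its header to the first line that is just "}".
PROFILE_RE = re.compile(
    r"^ltm profile (?:client-ssl|server-ssl) (\S+) \{(.*?)^\}", re.M | re.S
)
KEY_REF_RE = re.compile(r"^\s+key (\S+)\s*$", re.M)
IMPORT_ERR_RE = re.compile(r"unable to import key \((\S+)\) in FIPS card")


def defined_keys(config: str) -> Set[str]:
    """Every ssl-key object declared in the config."""
    return set(KEY_DEF_RE.findall(config))


def referenced_keys(config: str) -> Dict[str, List[str]]:
    """Map each key to the SSL profiles whose 'key' attribute points at it."""
    refs: Dict[str, List[str]] = {}
    for m in PROFILE_RE.finditer(config):
        profile, body = m.group(1), m.group(2)
        for key in KEY_REF_RE.findall(body):
            refs.setdefault(key, []).append(profile)
    return refs


def unreferenced_keys(config: str) -> List[str]:
    """Keys present in the config but used by no client-ssl/server-ssl profile."""
    return sorted(defined_keys(config) - set(referenced_keys(config)))


def failed_imports(log_lines) -> List[str]:
    """Key names mcpd reported it could not import into the FIPS card."""
    found: List[str] = []
    for line in log_lines:
        m = IMPORT_ERR_RE.search(line)
        if m and m.group(1) not in found:
            found.append(m.group(1))
    return found


def triage(config: str, log_lines) -> Dict[str, str]:
    """For each failing key, say whether it is stale or still wired into a profile."""
    refs = referenced_keys(config)
    defined = defined_keys(config)
    result: Dict[str, str] = {}
    for key in failed_imports(log_lines):
        if key in refs:
            result[key] = "in use by " + ", ".join(refs[key])
        elif key in defined:
            result[key] = "stale: defined but referenced by no profile"
        else:
            result[key] = "not defined in this config"
    return result


if __name__ == "__main__":
    for key, verdict in triage(SAMPLE_CONFIG, SAMPLE_LOG).items():
        print(f"{key}: {verdict}")
```

A key that comes back "in use by" some profile is the case where simply deleting it would break a virtual server; that is the one to re-import rather than remove, whereas a "stale" verdict matches the situation the thread ended on.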