Migrating FIPS private keys from 10.2.4 to 11.5.1

Question

Are there any known methods to successfully install the FIPS keys (as exported from v10.2.4) to v11.5.1? The hardware platform remains the same.

Error received:
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos) install sys crypto key TEST from-local-file TEST.exp security-type fips
Key management library returned bad status: -18, ERR_ARGUMENTS_BAD

The error I'm receiving in v11.5.1 is the same regardless if an installation/import attempt is made via GUI or TMSH (CLI). The same (TEST.exp) file imports to another v10.2.4 installation without any problems.
1) Fips module is successfully initialized on v11.5.1
2) HW Platform: 8900
3) Fips: 140
[root@bigip1:Active:Standalone] ssl.cavfips  fipsutil info
Label:             F5FIPS
HSM Serial Number: 8100959
Hardware ID:       0x0
Firmware Version:  4.7.1
Total FLASH:       14286412
Free FLASH:        14285172
Total SRAM:        16984948
Free SRAM:         16981876

nitass · Answer

sorry is it same hardware (unit) or different one?&nbsp;
if it is different unit, you have synchronized fips card (i.e. synchronize master key), haven't you?&nbsp;

Forum Discussion

Migrating FIPS private keys from 10.2.4 to 11.5.1

1 Reply

Recent Discussions

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

About AWAF "Redirect URLs" in "Responses and Blocks"

ISP Bandwidth Utilization

Related Content

Getting Started with BIG-IP Next: Migrating an Application Workload

BIG-IP Orchestrate in private Data Center using Terraform Cloud Agent

F5 BIG-IP per application Red Hat OpenShift cluster migrations

Using F5 Distributed Cloud private connectivity orchestration for secure multi-cloud infrastructure

Edge to Pulse: IP Geolocation Database Migration