Last Modified: May 29, 2024
Affected Product(s):
BIG-IP TMOS
Fixed In:
17.1.1, 16.1.4
Opened: Jul 13, 2022 Severity: 2-Critical
You are unable to create DNSSEC keys that use the internal FIPS HSM. When this issue happens, the following error messages appear in /var/log/gtm:

Jul 20 04:37:47 localhost failed to read password encryption key from the file /shared/fips/nfbe0/pek.key_1, error 40000229
Jul 20 04:37:47 localhost.localdomain err gtmd[28729]: 011a0312:3: Failed to initiate session with FIPS card.
Jul 20 04:37:47 localhost.localdomain err gtmd[28729]: 011a0309:3: Failed to create new DNSSEC Key Generation /Common/abcd:1 due to HSM error.
DNSSEC deployments with internal FIPS HSMs are impacted.
-- Internal FIPS card present.
-- Clean installation from an installation ISO file.
-- DNSSEC key creation using internal FIPS card.
Change the /shared/fips directory permissions. For example:
chmod 700 /shared/fips
None
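A triage check for the symptoms and workaround above, as an added example (not F5 code and not part of the original page): it reports the mode of the FIPS directory and counts the two gtmd message IDs quoted in the log excerpt. It assumes mode 700, taken from the workaround's example, is the intended value; the function names and the 755 starting mode in the demo are hypothetical.

```shell
#!/bin/sh
# Added example, not F5 code. Usage: sh triage.sh /shared/fips /var/log/gtm

# Octal mode of a directory (GNU stat first, BSD stat as fallback).
dir_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# True only for mode 700. Assumption: the value in the workaround's example
# is the intended one; the page does not state the mode a clean install sets.
fips_dir_mode_ok() { [ "$(dir_mode "$1")" = "700" ]; }

# Count gtmd lines with the two message IDs quoted in the symptoms:
# 011a0312 (FIPS session not initiated) and 011a0309 (key generation failed).
count_fips_errors() { grep -cE 'gtmd\[[0-9]+\]: 011a03(12|09):' "$1" || true; }

# Unique DNSSEC key generations named in 011a0309 lines.
failed_key_generations() {
    sed -n 's/.* 011a0309:[0-9]*: Failed to create new DNSSEC Key Generation \(.*\) due to HSM error\..*/\1/p' "$1" | sort -u
}

# Returns 0 when the directory mode is 700, 1 otherwise; always reports
# how many matching log lines were seen so the two facts can be correlated.
triage() {
    errs=$(count_fips_errors "$2")
    echo "$1 mode: $(dir_mode "$1"); FIPS/HSM error lines in $2: $errs"
    if [ "$errs" -gt 0 ]; then
        echo "key generations that failed:"; failed_key_generations "$2"
    fi
    fips_dir_mode_ok "$1"
}

# With no arguments, run against a constructed directory and log copy.
demo() {
    d=$(mktemp -d) && mkdir "$d/fips" && chmod 755 "$d/fips"  # 755 is constructed
    cat > "$d/gtm" <<'EOF'
Jul 20 04:37:47 localhost.localdomain err gtmd[28729]: 011a0312:3: Failed to initiate session with FIPS card.
Jul 20 04:37:47 localhost.localdomain err gtmd[28729]: 011a0309:3: Failed to create new DNSSEC Key Generation /Common/abcd:1 due to HSM error.
EOF
    triage "$d/fips" "$d/gtm" || echo "-> mode differs from 700"
    chmod 700 "$d/fips"
    triage "$d/fips" "$d/gtm" && echo "-> mode is 700"
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then triage "$1" "$2"; else demo; fi
```

Old log lines remain in /var/log/gtm after the permissions are changed, so compare their timestamps with the time of the change before treating a non-zero count as a current failure.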