Last Modified: Jun 01, 2023
Opened: Jul 13, 2022
Severity: 2-Critical
You are unable to create DNSSEC keys that use the internal FIPS HSM. When this issue happens, the following error messages appear in /var/log/gtm:

Jul 20 04:37:47 localhost failed to read password encryption key from the file /shared/fips/nfbe0/pek.key_1, error 40000229
Jul 20 04:37:47 localhost.localdomain err gtmd: 011a0312:3: Failed to initiate session with FIPS card.
Jul 20 04:37:47 localhost.localdomain err gtmd: 011a0309:3: Failed to create new DNSSEC Key Generation /Common/abcd:1 due to HSM error.
DNSSEC deployments with internal FIPS HSMs are impacted.
-- Internal FIPS card present.
-- Clean installation from an installation ISO file.
-- DNSSEC key creation using internal FIPS card.
Change the /shared/fips directory permissions. For example:

chmod 700 /shared/fips
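
A read-only check that can be run before and after applying the workaround, given here as an added example and not F5's own tooling: it counts the log signatures quoted above and compares the directory mode with the workaround's 700. The function names are hypothetical, GNU stat is assumed, and the sample log is constructed from the gtmd lines on this page.

```shell
#!/bin/bash
# Read-only triage for the HSM error above. Assumes GNU stat (Linux).

# Signatures copied from the /var/log/gtm lines quoted on this page.
SIGNATURES='failed to read password encryption key|011a0312:3:|011a0309:3:'

# Count lines in log file $1 that carry any signature (0 if unreadable).
count_fips_errors() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cE "$SIGNATURES" "$1" || true
}

# Print the octal permission bits of $1, e.g. 755.
dir_mode() { stat -c '%a' "$1"; }

# Exit status: 0 = mode already matches the workaround,
# 1 = mode differs and the errors are logged,
# 2 = mode differs but no matching errors are logged,
# 3 = directory could not be inspected.
triage_fips() {
    local log=$1 dir=$2 want=${3:-700} hits mode
    hits=$(count_fips_errors "$log")
    mode=$(dir_mode "$dir" 2>/dev/null) || return 3
    echo "signature lines: $hits, $dir mode: $mode, workaround mode: $want"
    [ "$mode" = "$want" ] && return 0
    [ "$hits" -gt 0 ] && return 1
    return 2
}

# Build a constructed sample (temp directory plus a log holding the two gtmd
# lines from this page) and print its path, so the check can be tried offline.
make_sample() {
    local root
    root=$(mktemp -d) || return 1
    mkdir "$root/fips" && chmod 755 "$root/fips"
    cat > "$root/gtm" <<'EOF'
Jul 20 04:37:47 localhost.localdomain err gtmd: 011a0312:3: Failed to initiate session with FIPS card.
Jul 20 04:37:47 localhost.localdomain err gtmd: 011a0309:3: Failed to create new DNSSEC Key Generation /Common/abcd:1 due to HSM error.
EOF
    echo "$root"
}

# On an affected system: ./triage.sh /var/log/gtm /shared/fips
if [ "$#" -ge 2 ]; then triage_fips "$1" "$2"; fi
```

An exit status of 1 means the symptom and a non-700 mode are both present; after the chmod the same call should return 0.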