Last Modified: Dec 11, 2025
Affected Product(s):
F5OS F5OS-A, F5OS-C
Known Affected Versions:
F5OS-A 1.5.1, F5OS-A 1.5.2, F5OS-A 1.5.3, F5OS-A 1.5.4, F5OS-A 1.8.0, F5OS-A 1.8.3, F5OS-C 1.6.0, F5OS-C 1.6.1, F5OS-C 1.6.2, F5OS-C 1.6.4, F5OS-C 1.8.0, F5OS-C 1.8.1, F5OS-C 1.8.2
Opened: Dec 04, 2025 Severity: 3-Major
If a non-FIPS F5OS system is configured with a TLS key/cert pair that is encrypted with a cipher not supported by FIPS, the system will not report an error if the license is convert to FIPS. But subsequent key migrations will fail with the error message: Public-Key for both key and certificate do not match
-- Unable to perform key migration -- Unable to load encrypted key into the configuration and unable to figure out why it's failing.
-- FIPS system configured with a non-FIPS supported key/cert pair.
Re-encrypt the key with aes128 or aes256, e.g.: openssl pkcs8 -topk8 -v2 aes256 -in <name of key file> -out re-encrypted.key
None