Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1
Fixed In:
12.1.0, 12.0.0, 11.6.1 HF1
Opened: Jun 24, 2014 Severity: 3-Major
Under some conditions, when deleting a SafeNet key, the key is deleted from HSM but not from the BIG-IP system.
If this clientSSL profile is currently used by a virtual server, then SSL connection to this virtual server fails since the key is not in HSM.
This issue happens when the BIG-IP system satisfies the following conditions: 1. A SafeNet-generated key is in use by a clientSSL profile. 2. Safenet HSM is installed.
1. Remove the key/cert from the clientSSL profile, so that they become 'not in use'. 2. Delete the not-in-use key/cert from the BIG-IP system. 2. Configure another key/cert in the clientSSL profile.
In this release, when deleting a SafeNet key, the key is deleted from HSM as well as from the BIG-IP system