Bug ID 631046: Unable to generate a FIPS key using the GUI

Last Modified: Jun 30, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Opened: Nov 30, 2016
Severity: 3-Major

Symptoms

While generating a FIPS key from the BIG-IP GUI, you get the following error: Key management library returned bad status: -4, FIPS security is not licensed, FIPS key security type is not allowed. Generating a FIPS key from tmsh works properly.

Impact

Unable to generate a FIPS key using the GUI.

Conditions

This occurs on FIPS-licensed 12.1.1 HF1 and HF2, when using the GUI to generate the FIPS key.

Workaround

Use the following tmsh command to generate a FIPS key: tmsh create sys crypto key <key_object_name> security-type fips.

Fix Information

None

Behavior Change