Bug ID 634023: Use tmsh to create key and certificate based on Thales netHSM

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:

Opened: Dec 16, 2016

Severity: 3-Major


There are no tmsh commands for key/cert management for Thales.


Must use fipskey.nethsm (a standalone wrapper program for the Thales-provided utility) to create Thales netHSM keys and certificates.


When Thales is used as netHSM to work with the BIG-IP system.


Use fipskey.nethsm to create netHSM keys and certificates.

Fix Information

The system now supports native PKCS#11 API based key management for netHSM vendors. With this fix, all netHSM users including Thales users are able to use tmsh command to manage keys and certificates.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips