Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.1.2, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0, 12.1.3
Opened: May 02, 2017 Severity: 3-Major
Policy sync failed with a vague error: err mcpd[5597]: 01071600:3: APM PSync: Atom attribute (fips_exported_key) data type (blob) in class (certificate_key_file_object) object name (/Common/fips1.key) blob value is not empty - no handler for blob Object dump: **certificate_key_file_object:/Common/fips1.key ...
Feature failure for specific configurations.
-- Sync-only device group configuration. -- FIPS cards in use. -- On one device: + Create FIPS key and certificate: 1. Go to System::Certificate Management::Traffic Certificate Management::SSL Certificate List::Create. 2. For 'Security Type' field of 'Key Properties' section, select 'FIPS'. + Create a rewrite profile: 1. Go to Access Policy :: Portal Access :: Rewrite :: Create New Profile. 2. Under 'JavaPatcher Settings' select 'Signer' and 'Signer Key' to the one created above (e.g., 'fips1.crt' and 'fips1.key', respectively). + Create an access profile. + Create a virtual server and attach the access profile and rewrite profile to it. (Note: You must also include other dependent settings, such as a connectivity profile.) 3. Start a policy sync from the device.
None.
Now APM policy sync succeeds even when policy includes FIPS key.