Bug ID 674689: ECDSA Key management support on BIG-IP using Thales and SafeNet external network HSM

Last Modified: Nov 07, 2022


Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
13.1.0, 13.1.1, 13.1.3, 13.1.4, 13.1.5

Fixed In:

Opened: Jul 19, 2017
Severity: 1-Blocking


There is no support for ECDSA key management on BIG-IP systems using external network HSM on Thales and SafeNet.


ECDSA Keys and Certificates cannot be created on external network HSM such as Thales and SafeNet on BIG-IP systems.


Creating ECDSA keys and certificates using tmsh/GUI and iControl. For example:

    tmsh create sys crypto key ec_nethsm key-type ec-private curve-name prime256v1 security-type nethsm
    tmsh create sys crypto cert ec_nethsm key ec_nethsm common-name www.ecdsa.com


No workaround.

Fix Information

ECDSA key/cert management using an external network HSM such as Thales and SafeNet is now supported on BIG-IP systems. The feature lets BIG-IP systems use an external network HSM for create/list/delete operations on ECDSA keys and certificates, and for the ECDSA sign operation during the SSL handshake.

Behavior Change