Bug ID 700794: Cannot replace a FIPS key with another FIPS key via tmsh

Last Modified: Jan 24, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4

Fixed In:
14.1.0

Opened: Jan 04, 2018
Severity: 3-Major

Symptoms

If you try to replace an existing FIPS key using "tmsh install sys crypto key" the command fails with "is already FIPS". This can also occur when issuing the commands via the REST API.

Impact

Fail to overwrite a FIPS key with another FIPS key via tmsh

Conditions

If a FIPS key already created/installed via tmsh, it can not be replaced or overwritten via "tmsh install sys crypto" command.

Workaround

None

Fix Information

With the fix, the user can now use the command to replace or overwrite existing FIPS key with another key.

Behavior Change