Bug ID 700794: Cannot replace a FIPS key with another FIPS key via tmsh

Last Modified: Apr 20, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5, 14.0.0,,,,,, 14.0.1,

Fixed In:

Opened: Jan 04, 2018
Severity: 3-Major


If you try to replace an existing FIPS key using "tmsh install sys crypto key" the command fails with "is already FIPS". This can also occur when issuing the commands via the REST API.


Fail to overwrite a FIPS key with another FIPS key via tmsh


If a FIPS key already created/installed via tmsh, it can not be replaced or overwritten via "tmsh install sys crypto" command.



Fix Information

With the fix, the user can now use the command to replace or overwrite existing FIPS key with another key.

Behavior Change