Manual Chapter : Additional Information

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 13.0.1, 13.0.0

BIG-IP APM

  • 13.0.1, 13.0.0

BIG-IP LTM

  • 13.0.1, 13.0.0

BIG-IP AFM

  • 13.0.1, 13.0.0

BIG-IP DNS

  • 13.0.1, 13.0.0

BIG-IP ASM

  • 13.0.1, 13.0.0
Manual Chapter

Upgrading the BIG-IP software when using the SafeNet Luna HSM

After a BIG-IP® system software or hotfix upgrade, you must run the SafeNet Luna SA client setup script to restore your default SafeNet configuration. Any local keys and certificates you added to the BIG-IP system configuration before upgrading (using the command tmsh install sys crypto) appear in the upgrade partition, but they are usable only after you run the SafeNet Luna SA client setup script. Keys, certificates, and CSRs created using tmsh are already part of the BIG-IP system configuration, and can be used after running the SafeNet script. If you are restoring the Luna SA client on a VIPRION® system, you run the script only on the primary blade, and then the system propagates the configuration to the additional active blades.

Note: If you will need keys, certificates, or CSRs that were not added to the BIG-IP system configuration, before you upgrade, copy the files into the /shared directory. After the upgrade, copy them back to their appropriate directories in the new partition: /config/ssl/ssl.key/, /config/ssl/ssl.crt, or /config/ssl/ssl.csr.
  1. Log in to the command-line interface of the BIG-IP system using an account with administrator privileges.
  2. Reinstall the Luna SA client on the BIG-IP system, using the parameters you used when you initially installed and registered it.
    nethsm-safenet-install.sh

Uninstalling SafeNet Luna SA components from the BIG-IP system

If you no longer need to use the SafeNet Luna SA HSM on a BIG-IP® system, you should uninstall the files.
  1. Log in to the command-line interface of the system using an account with administrator privileges.
  2. Uninstall the SafeNet client software and clean up SafeNet directories.
    nethsm-safenet-install.sh -u [-v]

nethsm-safenet-install.sh utility options

The nethsm-safenet-install.sh utility includes these options:

Option Description
-h Display help
-v Verbose output
--hsm_ip_addr=<ip_addr> SafeNet Luna SA HSM IP address
--hsm_username=<user_name> SafeNet Luna SA HSM user name. Default is admin.
--interface=<interface_name> BIG-IP system interface used to communicate with the SafeNet Luna SA HSM. Default is the management interface.
--client_ip_addr=<client_ip_addr> IP address of the BIG-IP system, as seen by the SafeNet Luna SA HSM
--hsm_password=<password> SafeNet Luna SA HSM partition password
--image=<image_name> SafeNet Luna SA tarball to be installed (for example, Luna_5.1_Client_Software.tar). This file must be stored on the BIG-IP system in /shared/safenet_install.