Troubleshooting

Error

Diagnosis

Error: Failed to attach external HSM client library.

Please check if you specified the vendor provided

PKCS#11 library path correctly

1. Verify whether the correct Path to PKCS#11 library path is specified

2. Verify if the cs_pkcs11_R3.cfg file is available

under /etc/utimaco folder

1. Verify if the cs_pkcs11_R3.cfg file configurations are correct

LoginUser= failed:

05.12.2021 23:45:45 src/p11adm_R2.c[429] p11_login: C_Login [type=1] returned Error

0x00000102 (CKR_USER_PIN_NOT_INITIALIZED)

PKCS#11 Slot is not initialized. Refer Initialize a Slot

Key management library returned bad status: -36,

Nethsm is not installed

Verify if pkcs11d is service is up and running

# bigstart status/restart pkcs11d

Key management library returned bad status: -18, A vendor error has occurred.

1. Check if PKCS#11 user is created. Refer Initialize a Slot

2. Check if HSM is up and running

3. Restart the pkcs11d is service

# bigstart restart pkcs11d

Data Input Error: The requested key(f5key1) already exists in this scope

They key name already exist. Try with a unique key name

From Configuration Utility, if user is trying to Import a pre-existing NetHSM Key and got below error

Import Failed: Key management library returned bad status: 0, Unable to read POST response data

1) Check with the key attributes are correct 2) Make sure the Name and the Label of the Key matches while importing

3) Verify if the key exists which you are trying to import in Big-IP

While testing the PKCS#11 configuration when user runs pkcs11d_test_suite command. The below error might occur, [Sanity]: Begin

Utimaco::HSM::Exception thrown in finalize

[Sanity]: Failed

1. Check if Security Server Application is Up Running and connected to HSM.

2. Check if the Configuration File pointing towards IP Address of HSM.