Common Issues and How to Resolve Them

Error

Diagnosis

Error: Failed to attach external HSM client library. Please check if you specified the vendor-provided PKCS#11 library path correctly.

  1. Verify that the correct PKCS#11 library path is specified.

  2. Verify that the cs_pkcs11_R3.cfg file is available under the /etc/utimaco folder.

  3. Verify that the settings in the cs_pkcs11_R3.cfg file are correct.

LoginUser= failed: 05.12.2021 23:45:45 src/p11adm_R2.c[429] p11_login: C_Login [type=1] returned Error 0x00000102 (CKR_USER_PIN_NOT_INITIALIZED)

PKCS#11 Slot is not initialized.

Key management library returned bad status: -36, Nethsm is not installed

Verify that the pkcs11d service is up and running, and restart it if it is not.

# bigstart status pkcs11d
# bigstart restart pkcs11d

Key management library returned bad status: -18, A vendor error has occurred.

  1. Check if PKCS#11 user is created.

  2. Check if the HSM is up and running.

  3. Restart the pkcs11d service:
    # bigstart restart pkcs11d

Data Input Error: The requested key(f5key1) already exists in this scope

The key name already exists. Try with a unique key name.

In the Configuration utility, importing a pre-existing NetHSM key may fail with the following error:

Import Failed: Key management library returned bad status: 0, Unable to read POST response data.

  1. Check that the key attributes are correct.

  2. Make sure the Name and the Label of the Key match while importing.

  3. Verify that the key you are trying to import in BIG-IP exists.

When you test the PKCS#11 configuration with the pkcs11d_test_suite command, the following error might occur:

[Sanity]: Begin Utimaco::HSM::Exception thrown in finalize [Sanity]: Failed

  1. Check if the SecurityServer Application is up, running, and connected to the HSM.

  2. Check if the Configuration File is pointing towards the IP Address of the HSM.

List of Errors and Their Diagnoses
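
The file and address checks from the first entry and the pkcs11d_test_suite entry above can be scripted as a preflight. This is an added example, not F5 or Utimaco code; the function names are hypothetical, and it assumes Device entries in cs_pkcs11_R3.cfg take the form [TCP:][port@]host, optionally several inside braces.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
# Assumption: Device entries in the config look like
#   Device = [TCP:][port@]host    or    Device = { entry entry ... }

# Print the host part of every uncommented Device entry in config file $1.
cfg_device_hosts() {
    sed -n 's/^[[:space:]]*Device[[:space:]]*=//p' "$1" |
        tr -s ' \t{}' '[\n*]' |
        sed -e 's/^TCP://' -e 's/^.*@//' -e '/^$/d'
}

# preflight LIB_PATH CFG_PATH HSM_IP
# Prints one line per failed check and returns the number of failed checks.
preflight() {
    lib=$1 cfg=$2 hsm_ip=$3 failures=0
    # Step 1: the PKCS#11 library path must name a readable regular file.
    if [ ! -f "$lib" ] || [ ! -r "$lib" ]; then
        echo "FAIL: PKCS#11 library not found or unreadable: $lib"
        failures=$((failures + 1))
    fi
    # Step 2: the config file must exist and be readable.
    if [ ! -r "$cfg" ]; then
        echo "FAIL: config file missing or unreadable: $cfg"
        return $((failures + 1))
    fi
    # Step 3: the config must point at the expected HSM address.
    hosts=$(cfg_device_hosts "$cfg")
    if [ -z "$hosts" ]; then
        echo "FAIL: no Device entry in $cfg"
        failures=$((failures + 1))
    elif ! printf '%s\n' "$hosts" | grep -Fxq "$hsm_ip"; then
        echo "FAIL: $cfg does not list $hsm_ip as a Device host"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Run the checks when called with the three arguments.
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

Call it with the library path entered in BIG-IP, /etc/utimaco/cs_pkcs11_R3.cfg, and the HSM IP address; an exit status of 0 means all three checks passed.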