-
In the BIG-IP configuration utility, select System > Certificate Management > Traffic Certificate Management. The Traffic Certificate Management screen opens.
-
The Traffic Certificate Management screen opens.
-
From the SSL Certificate List, select the key to delete.
-
Click on the Delete button.
-
The key selected is only deleted from BIG-IP.
# ./p11tool2 LoginUser=12345678 ListObjects
CKA_KEY_TYPE = CKK_RSA
CKA_UNIQUE_ID = 44A64C8C-FA89-4676-9CF2-46F92A9B90D9
CKA_SENSITIVE = CK_TRUE
CKA_EXTRACTABLE = CK_FALSE
CKA_LABEL = F5-BIGIPImport1
CKA_ID =
0x63343839 35616633 65333438 34383762 |c4895af3e348487b|
32656165 32656536 63356634 65663635 |2eae2ee6c5f4ef65|
CKA_KEY_TYPE = CKK_RSA
CKA_UNIQUE_ID = 709BEDBE-5200-47CC-92E7-4A639C9AB0BC
CKA_SENSITIVE = CK_TRUE
CKA_EXTRACTABLE = CK_FALSE
CKA_LABEL = BIGIPTest1___03c9f2fd
CKA_ID =
0x38303137 31316435 65323265 36383931 |801711d5e22e6891|
38343330 66376334 30336339 66326664 |8430f7c403c9f2fd|
-
Try to create a new Certificate and Key with the same name. BIG-IP will return an error.
-
Delete the key from HSM.
# ./p11tool2 LoginUser=12345678 Label=F5-BIGIPImport1 DeleteObject
2 Objects deleted
-
Create a new Key through System > Certificate Management > Traffic Certificate Management.
New Key Created
-
Verify the object in the HSM.
# ./p11tool2 LoginUser=12345678 ListObjects CKO_PRIVATE_KEY: + 1.1 CKA_KEY_TYPE = CKK_RSA CKA_UNIQUE_ID = 56860D8C-A6C6-481D-82AC-C2110F652C61 CKA_SENSITIVE = CK_TRUE CKA_EXTRACTABLE = CK_FALSE CKA_LABEL = F5-BIGIPImport1___5119ac99 CKA_ID = 0x64336432 65363731 31346635 62363931 |d3d2e67114f5b691| 64373836 35316433 35313139 61633939 |d78651d35119ac99|