Reset a locked HSM
The HSM becomes locked (no longer operational) if you change the SO password, restart the appliance without saving the configuration, and make three unsuccessful attempts to change the password. This is a security measure for preventing unauthorized access attempts and changes to the HSM settings.
Important: To avoid this situation, save the configuration after initializing the HSM. If the HSM is locked, you must reset the HSM and restart the appliance to restore the default passwords. You can then use the default passwords to access the HSM and configure it with new passwords. When finished, you must save the configuration and restart the appliance.
Caution: Do not reset the HSM unless it has become locked.
Reset a locked HSM by using the CLI
At the command prompt, type the following commands to reset and re-initialize a locked HSM:
reset ssl fips reboot -warm set ssl fips -initHSM Level-2 <new SO password> <old SO password> <user password> [-hsmLabel <string>] save ns config reboot -warm
reset fips reboot -warm set fips -initHSM Level-2 newsopin123 sopin123 userpin123 -hsmLabel NSFIPS saveconfig reboot -warm Note: By default the HSM passwords are preconfigured. The <Old_SO_Password> = so12345, <User_Password> = user123, <New_SO_Password> = sopin12345, <New_User_Password> = userpin123.
Reset a locked HSM by using the GUI
- Navigate to Traffic Management > SSL > FIPS
- In the details pane, on the FIPS Info tab, click Reset FIPS.
- Configure the HSM, as described in Configuring the HSM.
- In the details pane, click Save.