ADC

Reset a locked HSM

Important! The MPX 9700/10500/12500/15500 FIPS platform has reached end of life.

The HSM becomes locked (no longer operational) if you change the SO password, restart the appliance without saving the configuration, and make three unsuccessful attempts to change the password. The locking is a security measure for preventing unauthorized access attempts and changes to the HSM settings.

Important: To avoid this situation, save the configuration after initializing the HSM. If the HSM is locked, you must reset the HSM and restart the appliance to restore the default passwords. You can then use the default passwords to access the HSM and configure it with new passwords. When finished, you must save the configuration and restart the appliance.

Caution: Reset the HSM only if it is locked.

Reset a locked HSM by using the CLI

At the command prompt, type the following commands to reset and reinitialize a locked HSM:

reset ssl fips
reboot -warm
set ssl fips -initHSM Level-2 <new SO password> <old SO password> <user password> [-hsmLabel <string>]
save ns config
reboot -warm
<!--NeedCopy-->

Example:

reset fips

reboot -warm

set fips -initHSM Level-2 newsopin123 sopin123 userpin123 -hsmLabel NSFIPS

saveconfig

reboot -warm

Note: By default the HSM passwords are preconfigured. The <Old_SO_Password> = so12345, <User_Password> = user123, <New_SO_Password> = sopin12345, <New_User_Password> = userpin123.
<!--NeedCopy-->

Reset a locked HSM by using the GUI

  1. Navigate to Traffic Management > SSL > FIPS
  2. In the details pane, on the FIPS Info tab, click Reset FIPS.
  3. Configure the HSM, as described in Configuring the HSM.
  4. In the details pane, click Save.
Reset a locked HSM