
Reset a locked HSM

The HSM becomes locked (no longer operational) if you change the SO password, restart the appliance without saving the configuration, and make three unsuccessful attempts to change the password. This is a security measure to prevent unauthorized access attempts and changes to the HSM settings.

Important: To avoid this situation, save the configuration after initializing the HSM. If the HSM is locked, you must reset the HSM and restart the appliance to restore the default passwords. You can then use the default passwords to access the HSM and configure it with new passwords. When finished, you must save the configuration and restart the appliance.

Caution: Do not reset the HSM unless it has become locked.

Reset a locked HSM by using the CLI

At the command prompt, type the following commands to reset and re-initialize a locked HSM:

reset ssl fips
reboot -warm
set ssl fips -initHSM Level-2 <new SO password> <old SO password> <user password> [-hsmLabel <string>]
save ns config
reboot -warm

Example:

reset fips
reboot -warm
set fips -initHSM Level-2 newsopin123 sopin123 userpin123 -hsmLabel NSFIPS
saveconfig
reboot -warm

Note: By default, the HSM passwords are preconfigured: <Old_SO_Password> = so12345, <User_Password> = user123, <New_SO_Password> = sopin12345, <New_User_Password> = userpin123.

Reset a locked HSM by using the GUI

  1. Navigate to Traffic Management > SSL > FIPS.
  2. In the details pane, on the FIPS Info tab, click Reset FIPS.
  3. Configure the HSM, as described in Configuring the HSM.
  4. In the details pane, click Save.
