Product Documentation

Resetting a Locked HSM

Sep 01, 2016

The HSM becomes locked (no longer operational) if you change the SO password, restart the appliance without saving the configuration, and make three unsuccessful attempts to change the password. This is a security measure for preventing unauthorized access attempts and changes to the HSM settings.

Important: To avoid this situation, save the configuration after initializing the HSM.

If the HSM is locked, you must reset the HSM and restart the appliance to restore the default passwords. You can then use the default passwords to access the HSM and configure it with new passwords. When finished, you must save the configuration and restart the appliance.

Caution: Do not reset the HSM unless it has become locked.

To reset a locked HSM by using the command line interface

At the command prompt, type the following commands to reset and re-initialize a locked HSM:

  • reset ssl fips
  • reboot -warm
  • set ssl fips -initHSM Level-2 <new SO password> <old SO password> <user password> [-hsmLabel <string>]
  • save ns config
  • reboot -warm

Example

reset fips 
reboot -warm 
set fips -initHSM Level-2 newsopin123 sopin123 userpin123 -hsmLabel NSFIPS 
saveconfig 
reboot -warm
Note: The SO and User passwords are the default passwords.

To reset a locked HSM by using the configuration utility

  1. Navigate to Traffic Management > SSL > FIPS
  2. In the details pane, on the FIPS Info tab, click Reset FIPS.
  3. Configure the HSM, as described in Configuring the HSM.
  4. In the details pane, click Save.