
Dave_Pisarek
Aug 03, 2021

15.1.2.1 FIPS HSM initiation issue

All,

Was initiating an HSM on a couple of i7820-DF devices today and noticed a change from the K article on the length of the SO password. The K article is old and about the 14-character limit being incorrect during the initiation process: https://support.f5.com/csp/article/K15759

Today the feedback from the script showed:

WARNING: This erases all keys from the FIPS 140 device.

Any configuration objects dependent on FIPS keys will cause

the configuration fail to load.

Enter new Security Officer password (min. 7, max. 32 characters):

Re-enter Security Officer password:

NOTE: security domain label must be identical on peer

FIPS devices in order to be able to synchronize with them.

Enter security domain label (max. 49 chars, default: F5FIPS):

ERROR: Failed to set security officer's password: 129

ERROR: INITIALIZATION FAILED!

The FIPS device is NOT operational.

Please, re-run initialization.

If you go past the 14-character limit, the HSM goes completely offline and you need to reboot the F5 to be able to run the init script again. If you restart all services, it will still not respond.

Once rebooted and you add an SO password at or below 14, you are good to go. Any idea why the script is now saying 32 characters?