Was initiating a HSM on a couple i7820-DF devices today and noticed a change from the K article on length of SO password. The K article is old and about the 14 character limit being incorrect during the initiation process. - https://support.f5.com/csp/article/K15759
Today the feedback from the script showed:
WARNING: This erases all keys from the FIPS 140 device.
Any configuration objects dependent on FIPS keys will cause
the configuration fail to load.
Enter new Security Officer password (min. 7, max. 32 characters😞
Re-enter Security Officer password:
NOTE: security domain label must be identical on peer
FIPS devices in order to be able to synchronize with them.
Enter security domain label (max. 49 chars, default: F5FIPS):
ERROR: Failed to set security officer's password: 129
ERROR: INITIALIZATION FAILED!
The FIPS device is NOT operational.
Please, re-run initialization.
If you go past the 14 character limit the HSM goes completely offline and you need to reboot the F5 to be able to run the init script again. If you restart all services it will still not respond.
Once rebooted and you add a SO password at or below 14 you are good to go. Any idea why the script is now saying 32 characters?