Sun Microsystems 820433510 Server User Manual


 
Using Hardware Crypto Accelerator With Enterprise Server
You can use hardware accelerator tokens to improve cryptographic performance and to
provide secure key storage. Additionally, you can give end users mobile secure
key storage through smart cards.
Sun Java System Application Server supports the use of PKCS#11 tokens for SSL or TLS
communications and Network Security Services (NSS) tools for managing keys and PKCS#11
tokens. This section describes how Enterprise Server provides that support and walks you
through the procedures for the related configurations.
J2SE 5.0 PKCS#11 providers can be easily integrated with the Enterprise Server runtime.
Through these providers, you can use hardware accelerators and other PKCS#11 tokens in
Enterprise Server to achieve fast performance and to protect the private key inherent in SSL or
TLS communications.
This section contains the following topics:
“About Configuring Hardware Crypto Accelerators”
“Configuring PKCS#11 Tokens”
“Managing Keys And Certificates”
“Configuring J2SE 5.0 PKCS#11 Providers”
About Configuring Hardware Crypto Accelerators
Sun GlassFish Enterprise Server has been tested with Sun Crypto Accelerator 1000 (SCA-1000)
and SCA-4000.
Enterprise Server can communicate with PKCS#11 tokens. Packaged with Enterprise Server are
an NSS PKCS#11 token library (for the NSS Internal PKCS#11 Module, commonly known as
the NSS soft token) and NSS command-line management tools. For more details, see
“Using Network Security Services (NSS) Tools.”
Use the NSS tools to create keys and certificates on PKCS#11 tokens, and use J2SE PKCS#11
providers to access token keys and certificates at runtime. A PKCS#11 provider is a
cryptographic service provider that acts as a wrapper around a native PKCS#11 library. A
PKCS#11 token generally refers to all the hardware and software tokens with a native PKCS#11
interface. A hardware token is a PKCS#11 token implemented in physical devices, such as
hardware accelerators and smart cards. A software token is a PKCS#11 token implemented
entirely in software.
Note: If you run Enterprise Server on the J2SE 1.4.x platform, only one PKCS#11 token, the NSS
soft token, is supported.
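Added example, not from the Administration Guide: a small Java program showing what accessing token keys at runtime through a PKCS#11 provider looks like, and that a sensitive private key stays on the token. It uses the Java 9+ Provider.configure call (on J2SE 5.0 the sun.security.pkcs11.SunPKCS11 class was instantiated with a configuration file instead); the class name ListTokenKeys, the provider name ExampleToken and the library path argument are assumptions.

```java
import java.io.Console;
import java.security.Key;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;

// Hypothetical class name; args[0] is the path to a native PKCS#11 library
// (for example the NSS soft token or an accelerator vendor's module).
public class ListTokenKeys {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java ListTokenKeys <pkcs11-library>");
            System.exit(2);
        }
        Provider base = Security.getProvider("SunPKCS11");
        if (base == null) {
            throw new IllegalStateException("this JRE does not ship the SunPKCS11 provider");
        }
        // "--" marks inline configuration text instead of a file name.
        // "ExampleToken" is an assumed name; the provider becomes SunPKCS11-ExampleToken.
        Provider p11 = base.configure("--name = ExampleToken\nlibrary = " + args[0] + "\n");
        Security.addProvider(p11);

        // Prompt for the PIN so it never appears in argv or shell history.
        char[] pin = console.readPassword("Token PIN: ");
        if (pin == null) {
            return; // end of input, nothing to log in with
        }
        try {
            KeyStore ks = KeyStore.getInstance("PKCS11", p11);
            ks.load(null, pin); // logs in to the token; no keystore file is read
            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isKeyEntry(alias)) {
                    System.out.println(alias + ": certificate only");
                    continue;
                }
                Key key = ks.getKey(alias, null); // handle to the on-token key
                // A sensitive token key has no exportable encoding: the JVM holds
                // a reference and signing or decryption runs inside the token.
                String where = key.getEncoded() == null ? "non-extractable" : "EXTRACTABLE";
                System.out.println(alias + ": " + key.getAlgorithm() + " key, " + where);
            }
        } finally {
            Arrays.fill(pin, '\0'); // wipe the PIN from memory
        }
    }
}
```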
Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008