Support User Manuals

Sun Microsystems 820433510 Server User Manual

Open as PDF

of 256

For the Microsoft Windows environment, add the location of NSS libraries AS_NSS and the

NSS tools directory, AS_NSS_BIN to the PATH environment variable. For simplicity, the

procedures described in this section use UNIX commands only. You should replace the UNIX

variables with the Windows variables, where appropriate.

Conguring the hardware crypto accelerators is divided into two main procedures:

■

“Conguring PKCS#11 Tokens” on page 121

■

“Conguring J2SE 5.0 PKCS#11 Providers” on page 124

Conguring PKCS#11Tokens

This section describes how to congure PKCS#11 tokens with the NSS security tool modutil.

Use the following procedure to congure a PKCS#11 token.

Enter the following command (all on one line):

modutil -dbdir AS_NSS_DB -nocertdb -force -add moduleName -libfile

absolute_path_of_pkcs11_library -mechanisms list_of_security_mechanisms

where, AS_NSS_DB is the NSS database directory (same as AS_DOMAIN_CONFIG when you use

the Domain Administration Server (DAS))

For example, to congure a hardware accelerator token, enter the following (all on one line):

modutil -dbdir AS_NSS_DB -nocertdb -force -add "Sun Crypto Accelerator" -libfile

/opt/SUNWconn/crypto/lib/libpkcs11.so -mechanisms RSA:DSA:RC4:DES

The hardware accelerator in this example is a SCA–1000 cryptographic accelerator. The

corresponding PKCS#11 library, by default, is located in

/opt/SUNWconn/crypto/lib/libpkcs11.so.

The mechanisms must be a complete list of the cryptographic mechanisms that are available in

the token. To use just a few of the available cryptographic mechanisms, see

“Conguring J2SE

5.0 PKCS#11 Providers” on page 124. For a list of all supported mechanisms, see the modutil

documentation on the NSS Security Tools site at

http://www.mozilla.org/projects/security/pki/nss/tools .

The examples that follow assume that the token name specied at token installation time is

mytoken.

To verify that the hardware accelerator is congured properly, enter the following command:

modutil -list -dbdir AS_NSS_DB

The standard output will look similar to the following:

UsingHardwareCrypto AcceleratorWithEnterpriseServer

Chapter9 • ConguringSecurity 121

previous next