Sun Microsystems 820433510 Server User Manual


 
For the Microsoft Windows environment, add the location of the NSS libraries, AS_NSS, and the
NSS tools directory, AS_NSS_BIN, to the PATH environment variable. For simplicity, the
procedures described in this section use UNIX commands only. Replace the UNIX
variables with the Windows variables where appropriate.
Conguring the hardware crypto accelerators is divided into two main procedures:
“Conguring PKCS#11 Tokens” on page 121
“Conguring J2SE 5.0 PKCS#11 Providers” on page 124
Conguring PKCS#11Tokens
This section describes how to congure PKCS#11 tokens with the NSS security tool modutil.
Use the following procedure to congure a PKCS#11 token.
Enter the following command (all on one line):
modutil -dbdir AS_NSS_DB -nocertdb -force -add moduleName -libfile
absolute_path_of_pkcs11_library -mechanisms list_of_security_mechanisms
where AS_NSS_DB is the NSS database directory (same as AS_DOMAIN_CONFIG when you use
the Domain Administration Server (DAS)).
For example, to configure a hardware accelerator token, enter the following (all on one line):
modutil -dbdir AS_NSS_DB -nocertdb -force -add "Sun Crypto Accelerator" -libfile
/opt/SUNWconn/crypto/lib/libpkcs11.so -mechanisms RSA:DSA:RC4:DES
The hardware accelerator in this example is a SCA–1000 cryptographic accelerator. The
corresponding PKCS#11 library, by default, is located in
/opt/SUNWconn/crypto/lib/libpkcs11.so.
The mechanisms must be a complete list of the cryptographic mechanisms that are available in
the token. To use just a few of the available cryptographic mechanisms, see
“Configuring J2SE 5.0 PKCS#11 Providers” on page 124. For a list of all supported mechanisms,
see the modutil documentation on the NSS Security Tools site at
http://www.mozilla.org/projects/security/pki/nss/tools .
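A pre-flight check for the modutil -add command above, as an added example that is not part of the original manual: modutil registers a native library that the server then loads, so the script confirms that the -libfile path is absolute and that neither the library nor its directory is group- or world-writable before it prints the command. The function names and the no-group/other-write policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks to run before registering a PKCS#11 library with modutil.
# All function names here are hypothetical helpers, not part of NSS.

# Succeeds only if the path exists and has no group- or other-write bit.
not_group_other_writable() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        "") return 1 ;;                      # missing or unreadable
        ?????w????|????????w?) return 1 ;;   # g+w or o+w is set
    esac
    return 0
}

# The library is native code loaded into the server process, so the file and
# its containing directory must not be writable by unprivileged accounts
# (policy assumed by this example).
check_pkcs11_lib() {
    lib=$1
    case "$lib" in
        /*) ;;
        *) echo "libfile must be an absolute path: $lib" >&2; return 1 ;;
    esac
    [ -f "$lib" ] || { echo "not a regular file: $lib" >&2; return 1; }
    not_group_other_writable "$lib" ||
        { echo "library is group/world writable: $lib" >&2; return 1; }
    not_group_other_writable "$(dirname "$lib")" ||
        { echo "library directory is group/world writable" >&2; return 1; }
}

# Mechanisms are passed as a colon-separated list such as RSA:DSA:RC4:DES.
check_mechanisms() {
    printf '%s\n' "$1" | grep -Eq '^[A-Z0-9]+(:[A-Z0-9]+)*$'
}

# Prints the modutil command from the procedure above once the checks pass.
build_modutil_add() {
    dbdir=$1 name=$2 lib=$3 mechs=$4
    check_pkcs11_lib "$lib" || return 1
    check_mechanisms "$mechs" || { echo "bad mechanism list: $mechs" >&2; return 1; }
    printf 'modutil -dbdir "%s" -nocertdb -force -add "%s" -libfile "%s" -mechanisms %s\n' \
        "$dbdir" "$name" "$lib" "$mechs"
}
```

Call build_modutil_add with the NSS database directory, the module name, the library path and the mechanism list, and run the printed command only when the function succeeds.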
The examples that follow assume that the token name specified at token installation time is
mytoken.
To verify that the hardware accelerator is configured properly, enter the following command:
modutil -list -dbdir AS_NSS_DB
The standard output will look similar to the following:
Using Hardware Crypto Accelerator With Enterprise Server
Chapter 9 • Configuring Security 121