Sun Microsystems 820433510 Server User Manual


 
To create a custom configuration file:
1. Create a configuration file called as-install/mypkcs11.cfg with the following code and save
the file.
name=HW1000
library=/opt/SUNWconn/crypto/lib/libpkcs11.so
slotListIndex=0
disabledMechanisms = {
	CKM_RSA_PKCS
	CKM_RSA_PKCS_KEY_PAIR_GEN
}
omitInitialize=true
2. Update the NSS database, if necessary. In this case, update the NSS database so that it will
disable RSA.
Run the following command:
modutil -undefault "Sun Crypto Accelerator" -dbdir AS_NSS_DB -mechanisms RSA
The name of the algorithm on the mechanisms list differs from the one in the default
configuration. For a list of valid mechanisms in NSS, see the modutil documentation on the
NSS Security Tools site at
http://www.mozilla.org/projects/security/pki/nss/tools .
3. Update the server with this change by adding a property in the appropriate location, as
follows:
<property name="mytoken" value="&InstallDir;/mypkcs11.cfg"/>
The location for the property could be one of the following:
If the provider is for a DAS or server instance, add the property under the associated
<security-service>.
If the provider is for a node agent, add the property under the associated
<node-agent> element in the domain.xml file.
4. Restart the Enterprise Server.
The customized configurations will be in effect after the restart.
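Before the restart in step 4, the file from step 1 can be checked to confirm that it parses and that the RSA mechanisms are really listed as disabled. The following is an added example, not part of the original manual or of Enterprise Server: the function names, the treatment of '#' as a comment marker and the absolute-path check on library are assumptions of this sketch, and it does not inspect the NSS database changed in step 2.

```python
import re

# Constructed sample: the configuration file from step 1 of the procedure.
SAMPLE_CFG = """\
name=HW1000
library=/opt/SUNWconn/crypto/lib/libpkcs11.so
slotListIndex=0
disabledMechanisms = {
	CKM_RSA_PKCS
	CKM_RSA_PKCS_KEY_PAIR_GEN
}
omitInitialize=true
"""

def parse_pkcs11_cfg(text):
    """Parse key=value lines and 'key = { ... }' lists into a dict."""
    cfg, block_key = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        if block_key is not None:  # inside a { ... } list
            closed = line.endswith("}")
            cfg[block_key].extend(line.rstrip("}").split())
            block_key = None if closed else block_key
            continue
        m = re.fullmatch(r"(\w+)\s*=\s*(.*)", line)
        if not m:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        key, value = m.groups()
        if value.startswith("{"):  # list opened (and possibly closed) on this line
            body = value[1:].strip()
            cfg[key] = body.rstrip("}").split()
            block_key = None if body.endswith("}") else key
        else:
            cfg[key] = value
    if block_key is not None:
        raise ValueError(f"unterminated list for {block_key!r}")
    return cfg

def check_cfg(cfg, must_disable=("CKM_RSA_PKCS", "CKM_RSA_PKCS_KEY_PAIR_GEN")):
    """Return a list of problems; an empty list means the file matches step 1."""
    problems = [f"missing {k}" for k in ("name", "library") if k not in cfg]
    if "library" in cfg and not cfg["library"].startswith("/"):
        problems.append("library is not an absolute path")
    disabled = set(cfg.get("disabledMechanisms", []))
    problems += [f"{m} is not disabled" for m in must_disable if m not in disabled]
    return problems
```

An unterminated disabledMechanisms list raises ValueError instead of being read as an empty list, so a truncated file cannot pass the check with RSA still enabled.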