Table of Contents
Advertisement
To create a custom configuration file:
1. Create a configuration file called as-install/mypkcs11.cfg with the following code and save
the file.
name=HW1000
library=/opt/SUNWconn/crypto/lib/libpkcs11.so
slotListIndex=0
disabledMechanisms = {
	CKM_RSA_PKCS
	CKM_RSA_PKCS_KEY_PAIR_GEN
}
omitInitialize=true
2. Update the NSS database, if necessary. In this case, update the NSS database so that it will
disable RSA.
Run the following command :
modutil -undefault "Sun Crypto Accelerator" -dbdir AS_NSS_DB -mechanisms RSA
The name of the algorithm on the mechanisms list differs from the one in the default
configuration. For a list of valid mechanisms in NSS, see the modutil documentation on the
NSS Security Tools site at
http://www.mozilla.org/projects/security/pki/nss/tools.
3. Update the server with this change by adding a property in the appropriate location, as
follows:
<property name="mytoken" value="&InstallDir;/mypkcs11.cfg"/>
The location for the property could be one of the following:
If the provider is for a DAS or server instance, add the property under the associated
■
<security-service>.
If the provider is for a node agent, add the property under the associated
■
<node-agent> element in the domain.xml file.
4. Restart the Enterprise Server.
The customized configurations will be in effect after the restart.
Chapter 9 • Configuring Security
Using Hardware Crypto Accelerator With Enterprise Server
125
Advertisement
Chapters
Table of Contents
