Clearing Secure Key Storage on Xcel I
Over time, it is possible for the SKS memory on the Xcel I hardware to become full. When SKS is full, the
following error is returned when you try to add another key (or replace an existing key):
Call to 'cert2sks' failed.
Error initializing RSA material
Using stdin
Could not allocate RSA key (N8_NO_MORE_RESOURCE).
Died at /usr/local/sbin/cert2sks line 286.
When this happens, you can do one of two things:
• Uncheck the use secure key storage check box when adding the SSL certificate; the private key will be kept on the Equalizer instead of in SKS.
• Clear SKS memory (using the procedure below); this removes all keys from SKS and will free up any space taken by keys that are no longer used (assuming you have not already used all 128kb of space on the Xcel hardware with valid keys). After you clear SKS, you'll need to re-add all the certificates for all the HTTPS clusters whose keys were kept in SKS.
To clear SKS memory on Xcel I:
1. Log into Equalizer as root over the serial line, or log in via SSH and use the su command to switch to the root login.
2. Enter the following command:
SKSManager -R -u 0
3. After the operation completes (which should take about 1 minute), re-add all certificates for all HTTPS clusters.
Configuring Cipher Suites
The cipher suite HTTPS cluster parameter lists the supported encryption algorithms for incoming HTTPS requests.
If a client request comes into Equalizer that does not use a cipher in this list, the connection is refused. If this field is
blank, then any cipher suite supported by Equalizer's SSL implementation (or by Xcel Hardware SSL Acceleration,
when enabled) will be accepted.
To view or set the cipher suite field for a cluster, click on the cluster name in the left frame and then select the Security > SSL tab in the right frame.
Default Cipher Suites
For an Equalizer with no Xcel SSL Hardware Acceleration installed and for systems with Xcel II enabled, the following default setting for cipher suite is used:
AES128-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA
For an Equalizer with Xcel I enabled, the following default value is used:
DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA
Updating the Cipher Suites Field
This field can be used to specify a custom cipher suite required by the servers in a cluster. In general, to add a cipher suite, you specify a plus sign (+) and then the name of the suite. To specifically exclude a cipher suite, use an exclamation point (!).
Equalizer Installation and Administration Guide
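The following added example (not part of the guide and not Coyote Point code) audits a cipher suite field value, including the two defaults quoted above, for suites built on deprecated primitives and proposes a reduced string. It assumes the "+" and "!" prefixes behave as this section describes; the function names are hypothetical.

```python
# Added example: audit a colon-separated cipher suite field for weak suites.
# The two defaults below are quoted from this section of the guide.
DEFAULT_NO_XCEL_OR_XCEL_II = "AES128-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA"
DEFAULT_XCEL_I = "DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA"

# Token inside a suite name -> why that primitive is considered weak today.
WEAK_TOKENS = {
    "RC4": "RC4 stream cipher (prohibited for TLS by RFC 7465)",
    "MD5": "MD5-based MAC",
    "DES": "DES/3DES, 64-bit block cipher",
    "RC2": "RC2, 64-bit block cipher",
    "EXP": "export-grade key length",
    "NULL": "no encryption",
}
BLANK = "<blank>"  # marker for an empty field (hypothetical name)


def parse_cipher_field(value):
    """Return the suites a field allows, honouring '+' (add) and '!' (exclude)
    as described in the guide (assumed semantics)."""
    allowed, excluded = [], set()
    for entry in (e.strip() for e in value.split(":")):
        if entry.startswith("!"):
            excluded.add(entry[1:])
        elif entry:
            allowed.append(entry.lstrip("+"))
    return [s for s in allowed if s not in excluded]


def audit(value):
    """Map each allowed suite to the weak primitives found in its name."""
    suites = parse_cipher_field(value)
    if not suites:
        # Per the guide, a blank field accepts any suite the SSL stack supports.
        return {BLANK: ["blank field: every supported suite is accepted"]}
    findings = {}
    for suite in suites:
        tokens = set(suite.upper().split("-"))
        reasons = [why for tok, why in WEAK_TOKENS.items() if tok in tokens]
        if reasons:
            findings[suite] = reasons
    return findings


def hardened(value):
    """Return the field value with every flagged suite removed."""
    weak = audit(value)
    return ":".join(s for s in parse_cipher_field(value) if s not in weak)


if __name__ == "__main__":
    for name, field in [("no Xcel / Xcel II", DEFAULT_NO_XCEL_OR_XCEL_II),
                        ("Xcel I", DEFAULT_XCEL_I)]:
        print(name, audit(field), "->", hardened(field))
```

Confirm that the reduced string is still supported by the installed hardware and by the clients that must connect before applying it to a cluster.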