CHAPTER 3

Enabling the Board for iPlanet Web Servers

This chapter explains how to enable the Sun Crypto Accelerator 1000 board for use with iPlanet Web Servers. This chapter includes the following sections:

  • Passwords
  • Creating and Populating a Realm
  • Overview for Enabling iPlanet Web Servers


Passwords

You are asked for several passwords in the course of enabling an iPlanet Web Server (iWS). TABLE 3-1 provides a description of each. These passwords are referred to throughout this chapter. If there is any confusion about which password to use, refer to TABLE 3-1.

 

TABLE 3-1 Passwords Required for iPlanet Web Servers

| Type of Password | Description |
|---|---|
| iWS Administration server | Required to start up the iPlanet administration server. This password was assigned during iPlanet setup. |
| Web Server Trust Database | Required to start the internal cryptographic module when running in secure mode. This password was assigned when creating a trust database through the iPlanet Web Server Administration Server. This password is also required when requesting and installing certificates into the internal cryptographic module. |
| System Administrator | Required when performing secadm privileged operations. This is the UNIX host password for root (or another UID zero account) on the Solaris host. |
| user@realm-name | Required to start the Sun Crypto Accelerator 1000 module when running in secure mode. This password was assigned when creating a user for a realm using secadm. This password is also required when requesting and installing certificates into the user@realm-name cryptographic module. |



Creating and Populating a Realm

Before you can enable the board for use with iPlanet Web Servers, you must first set up and populate realms. If you have not already done so, you must set up at least one realm and one user. See Appendix A for more information on realms.


To Create and Populate a Realm

1. If you have not already done so, place the Sun Crypto Accelerator 1000 tools directory in your search path, for example:

$ PATH=$PATH:/opt/SUNWconn/crypto/bin
$ export PATH

2. Access the secadm utility:

$ secadm

3. Use the secadm utility to create a new realm:

secadm> create realm=realm-name
System Administrator Login Required
Login: root
Password: 
Realm realm-name created successfully.

4. Populate the realm with users.

These usernames are known only within the domain of the Sun Crypto Accelerator 1000 and do not need to be identical to the UNIX username that the web server process is using. Before attempting to create the user, remember that you must first set the current working realm and log in as the system administrator.

Set the realm where the users will be created, then use su to log in as the system administrator:

secadm> set realm=realm-name
secadm{realm-name}> su
System Administrator Login Required
Login: root
Password:
secadm{root@realm-name}#

5. If you only need one realm user, you can avoid setting up a slot file by using the user name nobody. See Slot Files for more information.

secadm{root@realm-name}# create user=nobody
Initial password: 
Confirm password: 
User nobody created successfully.

You must use this password when authenticating during a web server startup. This is the user@realm-name password.



Caution - You must remember the password you enter. Without the password, you cannot access your keys. There is no way to retrieve a lost password.



6. Exit secadm.

secadm{root@realm-name}# exit
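
Step 1 appends the tools directory to the end of PATH, and the later steps type the root password into whichever secadm the shell finds first. The following pre-flight check is an added example, not part of the original Sun documentation: it confirms that secadm resolves to the copy in the tools directory and that neither the directory nor the binary is group- or world-writable. The function names are hypothetical; the only path used is the one given in step 1.

```shell
#!/bin/sh
# Added example (not from the Sun documentation). Function names are hypothetical.
# TOOLS_DIR is the tools directory named in step 1 of the procedure.
TOOLS_DIR=${TOOLS_DIR:-/opt/SUNWconn/crypto/bin}

# Append a directory to PATH only if it is not already listed.
add_to_path() {
    case ":$PATH:" in
        *":$1:"*) ;;
        *) PATH="$PATH:$1"; export PATH ;;
    esac
}

# Succeed only if "secadm" resolves to the copy inside the given directory,
# that is, no earlier PATH entry shadows it.
secadm_resolves_to() {
    found=$(command -v secadm 2>/dev/null) || return 1
    [ "$found" = "$1/secadm" ]
}

# Succeed only if the file or directory is not writable by group or others.
# Reads the mode string from ls (for example drwxr-xr-x): character 6 is the
# group write bit, character 9 is the write bit for others.
not_group_or_world_writable() {
    perms=$(ls -ldL "$1" 2>/dev/null | cut -c1-10) || return 1
    [ -n "$perms" ] || return 1
    case "$perms" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# Run all checks; start secadm only if this returns 0, for example:
#   preflight "$TOOLS_DIR" && secadm
preflight() {
    dir=$1
    add_to_path "$dir"
    secadm_resolves_to "$dir" || { echo "secadm is missing or shadowed by an earlier PATH entry" >&2; return 1; }
    not_group_or_world_writable "$dir" || { echo "$dir is group- or world-writable" >&2; return 1; }
    not_group_or_world_writable "$dir/secadm" || { echo "$dir/secadm is group- or world-writable" >&2; return 1; }
    echo "ok: $dir/secadm"
}
```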


Overview for Enabling iPlanet Web Servers

To enable iPlanet Web Servers, you must complete the following procedures, which are explained in detail in the next two chapters.

1. Install the iPlanet Web Server.

2. Create a trust database.

3. Request a certificate.

4. Install the certificate.

5. Configure the iPlanet Web Server.



Caution - These procedures must be followed in the order given. Failure to do so may result in an incorrect configuration.



  • If you are using iPlanet Web Server 4.1, go to Chapter 4.
  • If you are using iPlanet Web Server 6.0, go to Chapter 5.