Contents

Sun Crypto Accelerator 4000 Board Installation and User's Guide

817-0431-10

Contents

1. Product Overview

Product Features

Key Protocols and Interfaces

Supported Applications

Supported Cryptographic Protocols

Diagnostic Support

Cryptographic Algorithm Acceleration

Supported Cryptographic Algorithms

Bulk Encryption

Hardware Overview

IPsec Hardware Acceleration

Sun Crypto Accelerator 4000 MMF Adapter

Sun Crypto Accelerator 4000 UTP Adapter

Dynamic Reconfiguration and High Availability

Hardware and Software Requirements

Required Patches

Apache Web Server Patch

Solaris 8 Patches

Solaris 9 Patches

2. Installing the Sun Crypto Accelerator 4000 Board

Handling the Board

Installing the Board

small space To Install the Hardware

Installing the Sun Crypto Accelerator 4000 Software

small space To Install the Software

Installing the Optional Packages

Directories and Files

Removing the Software

small space To Remove the Software

3. Configuring Driver Parameters

Sun Crypto Accelerator 4000 Ethernet Device Driver (vca) Parameters

Driver Parameter Values and Definitions

Advertised Link Parameters

Flow Control Parameters

Gigabit Forced Mode Parameter

Interpacket Gap Parameters

Interrupt Parameters

Random Early Drop Parameters

PCI Bus Interface Parameters

Setting vca Driver Parameters

Setting Parameters Using the ndd Utility

small space To Specify Device Instances for the ndd Utility

Noninteractive and Interactive Modes

Setting Autonegotiation or Forced Mode

small space To Disable Autonegotiation Mode

Setting Parameters Using the vca.conf File

small space To Set Driver Parameters Using a vca.conf File

Setting Parameters for All Sun Crypto Accelerator 4000 vca Devices With the vca.conf File

small space To Set Parameters for All Sun Crypto Accelerator 4000 vca Devices With the vca.conf File

Example vca.conf File

Enabling Autonegotiation or Forced Mode for Link Parameters With the OpenBoot PROM

Sun Crypto Accelerator 4000 Cryptographic and Ethernet Driver Operating Statistics

Cryptographic Driver Statistics

Ethernet Driver Statistics

Reporting the Link Partner Capabilities

small space To Check Link Partner Settings

Network Configuration

Configuring the Network Host Files

4. Administering the Sun Crypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities

Modes of Operation

Single-Command Mode

Interactive Mode

Logging In and Out With vcaadm

Logging In to a Board With vcaadm

Logging In to a New Board

Logging In to a Board With a Changed Remote Access Key

vcaadm Prompt

Logging Out of a Board With vcaadm

Entering Commands With vcaadm

Getting Help for Commands

Quitting the vcaadm Program in Interactive Mode

Initializing the Sun Crypto Accelerator 4000 Board With vcaadm

small space To Initialize the Sun Crypto Accelerator 4000 Board With a New Keystore

Initializing the Sun Crypto Accelerator 4000 Board to Use an Existing Keystore

small space To Initialize the Sun Crypto Accelerator 4000 Board to Use an Existing Keystore

Managing Keystores With vcaadm

Naming Requirements

Password Requirements

Setting the Password Requirements

Populating a Keystore With Security Officers

Populating a Keystore With Users

Listing Users and Security Officers

Changing Passwords

Enabling or Disabling Users

Deleting Security Officers

Backing Up the Master Key

Locking the Keystore to Prevent Backups

Managing Boards With vcaadm

Setting the Auto-Logout Time

Displaying Board Status

Loading New Firmware

Resetting a Sun Crypto Accelerator 4000 Board

Rekeying a Sun Crypto Accelerator 4000 Board

Zeroizing a Sun Crypto Accelerator 4000 Board

Using the vcaadm diagnostics Command

Using vcadiag

5. Configuring Sun ONE Server Software for Use With the Sun Crypto Accelerator 4000 Board

Administering Security for Sun ONE Web Servers

Concepts and Terminology

Tokens and Token Files

Enabling and Disabling Bulk Encryption

Configuring Sun ONE Web Servers

Populating a Keystore

small space To Populate a Keystore

Overview for Enabling Sun ONE Web Servers

Installing and Configuring Sun ONE Web Server 4.1

Installing Sun ONE Web Server 4.1

small space To Install Sun ONE Web Server 4.1

small space To Create a Trust Database

small space To Generate a Server Certificate

small space To Install the Server Certificate

Configuring Sun ONE Web Server 4.1 for SSL

small space To Configure the Sun ONE Web Server 4.1

Installing and Configuring Sun ONE Web Server 6.0

Installing Sun ONE Web Server 6.0

small space To Install Sun ONE Web Server 6.0

small space To Create a Trust Database

small space To Generate a Server Certificate

small space To Install the Server Certificate

Configuring Sun ONE Web Server 6.0 for SSL

small space To Configure the Sun ONE Web Server 6.0

6. Configuring Apache Web Servers for Use With the Sun Crypto Accelerator 4000 Board

Enabling the Board for Apache Web Servers

Enabling Apache Web Servers

small space To Enable the Apache Web Server

Creating a Certificate

small space To Create a Certificate

7. Diagnostics and Troubleshooting

SunVTS Diagnostic Software

Installing SunVTS netlbtest and nettest Support for the vca Driver

Using SunVTS Software to Perform vcatest, nettest, and netlbtest

small space To Perform vcatest

Test Parameter Options for vcatest

vcatest Command-Line Syntax

small space To Perform netlbtest

small space To Perform nettest

Using kstat to Determine Cryptographic Activity

Using the OpenBoot PROM FCode Self-Test

small space Performing the Ethernet FCode Self-Test Diagnostic

Troubleshooting the Sun Crypto Accelerator 4000 Board

A. Specifications

Sun Crypto Accelerator 4000 MMF Adapter

Physical Dimensions

Performance Specifications

Power Requirements

Interface Specifications

Environmental Specifications

Sun Crypto Accelerator 4000 UTP Adapter

Physical Dimensions

Performance Specifications

Power Requirements

Interface Specifications

Environmental Specifications

B. SSL Configuration Directives for Apache Web Servers

C. Building Applications for Use With the Sun Crypto Accelerator 4000 Board

D. Software Licenses

Third Party License Terms

E. Manual Pages

F. Zeroizing the Hardware

Zeroizing the Sun Crypto Accelerator 4000 Hardware to the Factory State

small space To Zeroize the Sun Crypto Accelerator 4000 Board With the Hardware Jumper

G. Frequently Asked Questions

How Do I Configure the Web Server to Startup Without User Interaction on Reboot?

small space To Create an Encrypted Key for Automatic Startup of Apache Web Servers on Reboot

small space To Create an Encrypted Key for Automatic Startup of Sun ONE Web Servers on Reboot

How Do I Assign Different MAC Addresses to Multiple Boards Installed in the Same Server?

small space To Assign Different MAC Addresses From a Terminal Window

small space To Assign Different MAC Addresses From the OpenBoot PROM Level

How Can I Configure the Sun Crypto Accelerator 1000 for Use With Apache After I Have Installed the Sun Crypto Accelerator 4000 Software?

How Do I Self-Sign a Certificate for Testing?

Copyright © 2003, Sun Microsystems, Inc. All rights reserved.