| Sun Crypto Accelerator 4000 Board Version 1.1 Installation and User's Guide |     |
| Sun Crypto Accelerator 4000 Board Version 1.1 Installation and User's Guide | |
Sun Crypto Accelerator 4000 Board Version 1.1 Installation and User's Guide
817-3693-10
|
Contents |
Supported Cryptographic Protocols
Cryptographic Algorithm Acceleration
Supported Cryptographic Algorithms
Sun Crypto Accelerator 4000 MMF Adapter
Sun Crypto Accelerator 4000 UTP Adapter
Dynamic Reconfiguration and High Availability
Hardware and Software Requirements
2. Installing the Sun Crypto Accelerator 4000 Board
Installing the Sun Crypto Accelerator 4000 Software
Choosing the Optional Packages to Install
Removing the Sun Crypto Accelerator 4000 Software
To Remove the Software With the remove Script
To Remove the Software With the /var/tmp/crypto_acc.remove Script
3. Configuring Driver Parameters
Ethernet Device Driver (vca) Parameters
Driver Parameter Values and Definitions
Setting Parameters Using the ndd Utility
To Specify Device Instances for the ndd Utility
Noninteractive and Interactive Modes
Setting Autonegotiation or Forced Mode
To Disable Autonegotiation Mode
Setting Parameters Using the vca.conf File
To Set Driver Parameters Using a vca.conf File
Setting Parameters for All Sun Crypto Accelerator 4000 vca Devices With the vca.conf File
To Set Parameters for All Sun Crypto Accelerator 4000 vca Devices With the vca.conf File
Enabling Autonegotiation or Forced Mode for Link Parameters With the OpenBoot PROM
Cryptographic and Ethernet Driver Operating Statistics
Cryptographic Driver Statistics
Reporting the Link Partner Capabilities
To Check Link Partner Settings
IPsec In-Line Acceleration Statistics
Configuring the Network Host Files
Configuring IPsec Hardware Acceleration
Enabling Out-of-Band IPsec Acceleration
Enabling In-Line IPsec Acceleration
To Enable In-Line IPsec Hardware Acceleration
4. Administering the Sun Crypto Accelerator 4000 Board
Logging In and Out With vcaadm
Logging In to a Board With vcaadm
Logging Out of a Board With vcaadm
Quitting the vcaadm Utility in Interactive Mode
Initializing the Board With vcaadm
To Initialize the Board With a New Keystore
Initializing the Board to Use an Existing Keystore
To Initialize the Board to Use an Existing Keystore
Managing Keystores With vcaadm
Populating a Keystore With Security Officers
Populating a Keystore With Users
Listing Users and Security Officers
Locking the Keystore to Prevent Backups
Performing a Software Zeroize on the Board
Using the vcaadm diagnostics Command
To Configure the vcad Daemon to Run as a Different Username
To Use Option 1 of the iplsslcfg Script for Sun ONE Web Server 4.1
To Use Option 1 of the iplsslcfg Script for Sun ONE Web Server 6.0
To Use Option 2 of the iplsslcfg Script
To Use Option 3 of the iplsslcfg Script
To Use Option 4 of the iplsslcfg Script
To Use Option 1 of the apsslcfg Script
Using Option 2 of the apsslcfg Script
To Generate a Keypair and Request a Certificate for Apache
To Export Apache (PEM Encoded X.509) Keys to PKCS#12 Format
To Import Keys From PKCS#12 Format to Apache (PEM encoded X.509)
Assigning Different MAC Addresses to Multiple Boards Installed in the Same Server
To Assign Different MAC Addresses From a Terminal Window
To Assign Different MAC Addresses From the OpenBoot PROM Level
5. Installing and Configuring Sun ONE Server Software
Administering Security for Sun ONE Web Servers
Enabling and Disabling Bulk Encryption
Configuring Sun ONE Web Servers
Overview of Enabling Sun ONE Web Servers
Configuring Sun ONE Web Servers to Start Up Without User Interaction on Reboot
To Create an Encrypted Key for Automatic Startup of Sun ONE Web Servers on Reboot
Installing and Configuring Sun ONE Web Server 4.1
To Install Sun ONE Web Server 4.1
Configuring Sun ONE Web Server 4.1
To Register the Board With the Web Server
To Generate a Server Certificate
To Install the Server Certificate
To Enable the Web Server for SSL
Installing and Configuring Sun ONE Web Server 6.0
To Install Sun ONE Web Server 6.0
Configuring Sun ONE Web Server 6.0
To Register the Board With the Web Server
To Generate a Server Certificate
To Install the Server Certificate
To Enable the Web Server for SSL
Installing and Configuring Sun ONE Application Server 7
To Install Sun ONE Application Server 7
To Install the Sun ONE Application Server Add-Ons Software
Configuring Sun ONE Application Server 7
To Register the Board With the Application Server
To Generate a Server Certificate
To Install the Server Certificate
To Enable the Application Server for SSL
Installing and Configuring Sun ONE Directory Server 5.2
Installing Sun ONE Directory Server 5.2
To Install Sun ONE Directory Server 5.2
Configuring Sun ONE Directory Server 5.2
To Register the Board With the Directory Server (32-Bit)
To Register the Board With the Directory Server (64-Bit)
Generating and Installing a Server Certificate
To Generate a Server Certificate
To Install the Server Certificate
Viewing and Installing Root CA Certificates
To View Root CA Certificates Known to the Directory Server
To Install Root CA Certificates
To Enable the Directory Server for SSL
Installing and Configuring Sun ONE Messaging Server 5.2
Installing Sun ONE Messaging Server 5.2
To Install Sun ONE Messaging Server 5.2
Configuring Sun ONE Messaging Server 5.2
To Register the Board With the Messaging Server
To Generate a Server Certificate
To Install the Server Certificate
To Enable the Messaging Server for SSL
Installing and Configuring Sun ONE Portal Server 6.2
Installing Sun ONE Portal Server 6.2
To Install Sun ONE Portal Server 6.2
Configuring Sun ONE Portal Server 6.2
To Register the Board With the Portal Server
Generating and Installing a Server Certificate
To Generate a Server Certificate
To Install the Server Certificate
Viewing and Installing Root CA Certificates
To View Root CA Certificates Known to the Portal Server
To Install Root CA Certificates
To Enable the Portal Server for SSL
6. Installing and Configuring Apache Web Server Software
Configuring Apache Web Server 1.3x
To Configure Apache Web Server
To Generate a Server Certificate
To Install the Server Certificate
Building and Configuring Apache Web Server 2.x
Building Apache 2.x Web Server
Configuring Apache Web Server 2.x
To Generate a Server Certificate
To Install the Server Certificate
Configuring the Apache Web Server to Start Up Without User Interaction on Reboot
To Create an Encrypted Key for Automatic Startup of Apache Web Server on Reboot
Configuring the Sun Crypto Accelerator 1000 for Use With Apache After the Sun Crypto Accelerator 4000 Software is Installed
7. Diagnostics and Troubleshooting
Installing SunVTS netlbtest and nettest Support for the vca Driver
Using SunVTS Software to Perform vcatest, nettest, and netlbtest
Test Parameter Options for vcatest
Using kstat to Determine Cryptographic Activity
Using the OpenBoot PROM FCode Self-Test
Performing the Ethernet FCode Self-Test Diagnostic
Troubleshooting the Sun Crypto Accelerator 4000 Board
Administering the Board to Use PKCS#11
Installing and Administering Applications That Use Cryptographic Services
Hardware Acceleration and Sensitive Keys
Developing Applications to Use PKCS#11
Sun Crypto Accelerator 4000 MMF Adapter
Sun Crypto Accelerator 4000 UTP Adapter
B. Installing the Software Without the Installation Script
Installing the Software Manually
To Install the Software Manually
Installing the Optional Packages
Removing the Software Manually
To Remove the Software Manually
C. SSL Configuration Directives for Apache Web Servers
D. Configuring Custom Applications to Use the Board
Configuring Custom Applications to Use the Board
To Configure Custom Applications to Use the Board
Zeroizing the Sun Crypto Accelerator 4000 Hardware to the Factory State
To Zeroize the Sun Crypto Accelerator 4000 Board With a Hardware Jumper
| Sun Crypto Accelerator 4000 Board Version 1.1 Installation and User's Guide | 817-3693-10 | |
Copyright © 2004, Sun Microsystems, Inc. All rights reserved.