Sun Java System Web Server 7.0 Update 7 Administrator's Guide

ProcedureTo Register PKCS#11 Library File

  1. Type the following command to add the Solaris crypto framework to network security services (NSS) in the config directory

    $ cd <install-dir>/<instance-dir>/lib/modutil -dbdir <install-dir>/<instance-dir>/config -nocertdb -add "scf" -libfile /usr/lib/ -mechanisms RSA

  2. Verify the registration using the following command:

    $cd <install-dir>/<instance-dir>/lib/modutil -dbdir <install-dir>/<instance-dir>/config -nocertdb -list

    Listing of PKCS #11 Modules
    1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
             status: loaded
              slot: NSS Internal Cryptographic Services
             token: NSS Generic Crypto Services
              slot: NSS User Private Key and Certificate Services
             token: NSS Certificate DB
       2. scf
             library name: /usr/lib/
              slots: 1 slot attached
             status: loaded
              slot: Sun Crypto Softtoken
             token: Sun Software PKCS#11 softtoken
       3. Root Certs
             library name:
              slots: There are no slots attached to this module
             status: Not loaded

    For more information on creating server certificates, see Requesting a Certificate

    If certificates exists in the NSS database, you can export or import the certificates using the following pk12util command:

    $pk12util -o server.pk12 -d . -n <server-cert>

    $pk12util -i server.pk12 -d . -h "Sun Software PKCS#11 softtoken"

    Note –

    By default, certutil/pk12util searches the databases for cert8.db and key3.db. Add -P as the prefix for the Web Server, which uses the alternate names https-instance-hostname-cert8.db and https-instance-hostname-key3.db.