To Configure Solaris Cryptographic (Sun Java System Web Server 7.0 Update 5 Administrator's Guide)

Sun Java System Web Server 7.0 Update 5 Administrator's Guide

To Configure Solaris Cryptographic

Remove the ./sunw directory from your machine using the following command:

%rm -rf $HOME/.sunw

Set a new pin using the following command:

% pktool setpinEnter new PIN:<type the pin here>

Re-enter new PIN:<retype the pin again>

Disable the mechanisms in the pkcs11_kernel.so and pkcs11_softtoken.so files using the following command:

#cryptoadm disable provider=/usr/lib/security/$ISA/pkcs11_kernel.so mechanism=CKM_SSL3_PRE_MASTER_KEY_GEN,CKM_SSL3_MASTER_KEY_DERIVE,CKM_SSL3_KEYAND_MAC_DERIVE,CKM_SSL3_MASTER_KEY_DERIVE_DH,CKM_SSL3_MD5_MAC,CKM_SSL3_SHA1_MAC

#cryptoadm disable provider=/usr/lib/security/$ISA/pkcs11_softtoken.so mechanism=CKM_SSL3_PRE_MASTER_KEY_GEN,CKM_SSL3_MASTER_KEY_DERIVE,CKM_SSL3_KEYAND_MAC_DERIVE,CKM_SSL3_MASTER_KEY_DERIVE_DH,CKM_SSL3_MD5_MAC,CKM_SSL3_SHA1_MAC

Note –
Ensure to disable mechanisms in pkcs11_softtoken_extra.so file, if it is used.

© 2010, Oracle Corporation and/or its affiliates