Sun Crypto Accelerator 6000 Board User’s Guide for Version 1.0
819-5536-12
Contents
Regulatory Compliance Statements
Supported Cryptographic Protocols and Algorithms
Cryptographic Algorithm Acceleration
Dynamic Reconfiguration and High Availability
Hardware and Software Requirements
Oracle Solaris 10 on SPARC and x86 Platforms
Linux on x86 AMD Opteron Linux Platforms
2. Installing the Sun Crypto Accelerator 6000 Board
Installing the Board on Oracle Solaris Platforms
Installing the Sun Crypto Accelerator 6000 Board Software With the install Script

Install the Software With the install Script
Directories and Files for Oracle Solaris Platforms
Removing the Sun Crypto Accelerator 6000 Software on Oracle Solaris Platforms With the remove Script

Remove the Software With the remove Script on the CD-ROM
Installing the Software on Oracle Solaris Platforms Without the Installation Script

Install the Software Without the install Script
Removing the Software on Oracle Solaris Platforms Without the remove Script

Remove the Software Without the remove Script
Installing the Sun Crypto Accelerator 6000 Board on Linux Platforms
Installing the Sun Crypto Accelerator 6000 Software on Linux Platforms With the install Script
Installing the Sun Crypto Accelerator 6000 Software on Linux Platforms Without the install Script

Install the Software Without the install Script
Directories and Files for Linux Platforms
Removing the Sun Crypto Accelerator 6000 Software on Linux Platforms Without the remove Script
3. Administering the Sun Crypto Accelerator 6000 Board
Logging In and Out With scamgr
Logging In to a Board With scamgr
Logging In to a Board With a Changed Remote Access Key
Logging Out of a Board With scamgr
Initializing the Board With scamgr
Initializing the Board With a New Keystore

Initialize the Board With a New Keystore
Initializing the Board to Use an Existing Keystore

Initialize the Board to Use an Existing Keystore
Managing Keystores With scamgr
Managing Security Officers and Users

Populate a Keystore With Security Officers

Populate a Keystore With Users

Lock the Keystore to Prevent Backups
Managing Multi-Admin Mode With scamgr

Assign Security Officers the Multi-Admin Role

Remove a Security Officer From the Multi-Admin Role

Set the Minimum Number of Security Officers Required to Authenticate Multi-Admin Commands

Set a Multi-Admin Command Timeout

Cancel a Multi-Admin Command Originated by the Initiating Security Officer

Allow a Multi-Admin Command to Time Out

Log In to a Board During a Multi-Admin Command as a Security Officer Not in the Multi-Admin Role

Attempt to Execute a Multi-Admin Command Without Multi-Admin Role Permissions

Perform a Software Zeroize on the Board

Use the scamgr diagnostics Command
Managing Services for Oracle Solaris Platforms
Service Configuration Parameters

List Service Configuration Parameters

Modify Service Configuration Parameters
Additional Instructions for Administering the Board on Linux Platforms
Financial Service Components Overview
Enabling the Financial Services Feature
Financial Services Library Initialization
Library Open Function fs_lib_open()
Library Shutdown Function fs_lib_close()
Session Establishment Function fs_session_open()
Session Shutdown Function fs_session_close()
Key Separation and Compartmentalization of Risk
Generate Key Function fs_generate_key()
Import Key Function fs_import_key()
Export Key Function fs_export_key()
Translate Key Function fs_translate_key()
Retrieve Object Function fs_retrieve_object()
PIN Verify Function fs_pin_verify()
PIN Translate Function fs_pin_translate()
Credit Card Processing Overview
Credit Card Processing Functions
Credit Card Verification Methods
Administering Financial Services
Financial Services Security Officers (FSSO)
Setting Financial Services Mode (fsmode)
5. Building PKCS#11 Applications for Use With the Sun Crypto Accelerator 6000 Board
Configuring Sun Metaslot to Use the Sun Crypto Accelerator 6000 Board Keystore
Configuring Secure Failover for Sun Metaslot
Developing Applications to Use PKCS#11
Sun Crypto Accelerator 6000 Board PKCS#11 Implementation Specifics
Supported and Unsupported Functions
Building PKCS#11 Applications for Use With the Sun Crypto Accelerator 6000 Board on Linux Platforms
6. Installing and Configuring Sun Java System Application Server Software
Administering Security for Sun Java System Web Servers
Web Server Concepts and Terminology
Preparing to Configure Sun Java System Web Servers
Installing and Configuring Sun Java System Web Server 6.1

Install Sun Java System Web Server 6.1

Register the Board With the Web Server

Install the Server Certificate
Configuring Sun Java System Web Servers to Start Up Without User Interaction on Reboot

Create an Encrypted Key for Automatic Startup of Sun Java System Web Servers on Reboot
Installing and Configuring Sun Java System Web Server on Linux Platforms
7. Installing and Configuring Apache Web Server Software
Installing and Configuring Apache Web Server on Oracle Solaris Platforms
Creating a Private Key and Certificate

Create a Private Key and Certificate
Installing and Configuring Apache Web Server on Linux Platforms
Configuring and Starting Apache Web Server
8. Diagnostics and Troubleshooting
Performing scadiag Diagnostics
Disabling Crypto Traffic on Other Hardware Providers in Your System

Disable Other Hardware Providers

Reenable Other Hardware Providers
Determining Cryptographic Activity With the kstat Utility
Determining Cryptographic Activity On Linux Platforms

Determine Cryptographic Activity On Linux Platforms
Sun Crypto Accelerator 6000 Board
B. Installing and Configuring openCryptoki Software for Linux
Installing openCryptoki Software
Preparing openCryptoki for 64 bit Applications
Installing the Libraries in the Standard Location
Creating openCryptoki Users and Groups
Zeroizing the Sun Crypto Accelerator 6000 Hardware to the Factory State

Zeroize the Sun Crypto Accelerator 6000 Board With a Hardware Jumper
F. Financial Services Header File
G. Supported PKCS#11 Mechanisms
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.