Using Sun Crypto Accelerator Keystore

The Sun Crypto Accelerator 4000 card provides optimized, scalable SSL operations at speeds much greater than a system CPU can achieve.

To Configure Proxy Server to Use Sun Crypto Accelerator

1. Install the Sun Crypto Accelerator 4000 board.

2. Initialize the Sun Crypto Accelerator 4000 board.

3. Install Proxy Server 4.0.7 (preferably as root).

4. Create a trust database in the proxy instance.

   For more information about creating a trust database, see Creating a Trust Database.

5. Enable the Sun Crypto Accelerator 4000 board.

To Enable the Sun Crypto Accelerator 4000 Board for Proxy Server

1. Set the user and realm using the command secadm.

2. Copy the directory “server-root/bin/proxy” to the directory “server-root/bin/https”.

   This step is required to enable the script ipsslcfg to locate the command modutil.

3. Edit the script /opt/SUNWconn/bin/iplsslcfg and provide the path to modutil.

4. Execute /opt/SUNWconn/bin/iplsslcfg.

5. Select option 1. Configure Sun ONE Web Server for SSL.

   ---

   Note –

   The option 1 denotes configuration of Web Server for SSL. Select the same option 1 for Proxy Server configuration also.

   ---

6. Specify the Proxy Server 4.0.7 installation directory and select y to proceed.

   Module Sun Crypto Accelerator gets added to the database.

7. Restart the administration server.

8. After the restart, select Security->Request Certificate->Cryptographic Module.

   The list displays the following: SUNW acceleration only, Internal, and keystore_name. Each keystore has its own entry in the list.

9. Select the keystore.

   Do not select the option SUNW acceleration only, while creating server certificates.