Sun Java System Web Server 6.1 SP10 Release Notes

Solaris PKCS #11 Support

For the web server's SSL subsystem (NSS) to use external PKCS#11 tokens, you must configure NSS with the modutil command to make it aware of the tokens. The Solaris libpkcs11 softtoken is a PKCS#11-compliant token that can be used with NSS. As an additional benefit, UltraSPARC-T1 systems using the Solaris 10 libpkcs11 softtoken will make use of the platform crypto acceleration support.

Run the modutil command without any arguments for usage information. For example, to add the Solaris 10 libpkcs11 softtoken as a PKCS#11 token in NSS:

  1. Ensure that SSL support has been initialized for the web server instances.

  2. Run the following command:

    % modutil -dbdir $ALIASDIR -dbprefix $PREFIX -add libpkcs -libfile /usr/lib/libpkcs11.so -mechanisms RSA

    where

    • $ALIASDIR is the path to the alias directory in the install root where the NSS database files are located.

    • $PREFIX is the prefix used by the key3 and cert8 database files in the alias directory and is of the form https-$INSTANCENAME-.

    The -mechanisms flag makes this token the preferred initial provider for the given algorithms.

  3. Run the modutil command without any arguments for a list of all possible mechanisms.

  4. Initialize the libpkcs11 provider's password with pktool.

    % pktool setpin

    For further details on configuring NSS, see the libpkcs11(3LIB), pkcs11_softtoken(5), and pktool(1) man pages. For more information about modutil, see http://www.mozilla.org/projects/security/pki/nss/tools/modutil.html.
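
The procedure above can be wrapped in a few checks that run before and after the modutil call. The script below is an added example, not part of the original release notes or the product. It confirms that the instance's NSS databases exist (step 1), refuses to proceed if the alias directory is writable by group or others, runs the modutil command from step 2, and then reads the module list back with modutil -list. The function names are illustrative, and the script assumes the databases are stored as <prefix>key3.db and <prefix>cert8.db.

```sh
#!/bin/sh
# Added example: pre-flight checks around the modutil step above.
# Function names are illustrative and not part of the product.

LIBFILE=/usr/lib/libpkcs11.so   # library path used in step 2

# Step 1: the instance's NSS databases must already exist in the alias
# directory as <prefix>key3.db and <prefix>cert8.db.
nss_db_ready() {
    dir=$1 prefix=$2
    for db in key3.db cert8.db; do
        if [ ! -f "$dir/$prefix$db" ]; then
            echo "missing $dir/$prefix$db; initialize SSL for the instance first" >&2
            return 1
        fi
    done
}

# modutil -add records a library that NSS will load, so the alias
# directory should not be writable by group or others.
alias_dir_safe() {
    loose=$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null)
    if [ -n "$loose" ]; then
        echo "$1 is group- or world-writable" >&2
        return 1
    fi
}

# Steps 1-2 plus a read-back with modutil -list.
register_softtoken() {
    dir=$1 prefix=$2
    nss_db_ready "$dir" "$prefix" || return 1
    alias_dir_safe "$dir" || return 1
    [ -r "$LIBFILE" ] || { echo "$LIBFILE not readable" >&2; return 1; }
    modutil -dbdir "$dir" -dbprefix "$prefix" -add libpkcs \
        -libfile "$LIBFILE" -mechanisms RSA || return 1
    # Succeeds only if the library path now appears in the module list.
    modutil -dbdir "$dir" -dbprefix "$prefix" -list | grep -F "$LIBFILE" >/dev/null
}

# Usage: sh register.sh "$ALIASDIR" "$PREFIX"
if [ $# -eq 2 ]; then
    register_softtoken "$1" "$2"
fi
```

Run pktool setpin (step 4) after the script reports success.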