Sun Microsystems GLASSFISH ENTERPRISE 820433510 User Manual

To create a custom configuration file:

1. Create a configuration file called as-install/mypkcs11.cfg with the following code and save

the file.

name=HW1000

library=/opt/SUNWconn/crypto/lib/libpkcs11.so

slotListIndex=0

disabledMechanisms = {

CKM_RSA_PKCS

CKM_RSA_PKCS_KEY_PAIR_GEN

}

omitInitialize=true

2. Update the NSS database, if necessary. In this case, update the NSS database so that it will

disable RSA.

Run the following command :

modutil -undefault

"Sun Crypto Accelerator" -dbdir AS_NSS_DB -mechanisms RSA

The name of the algorithm on the mechanisms list differs from the one in the default
configuration. For a list of valid mechanisms in NSS, see the modutil documentation on the
NSS Security Tools site at

http://www.mozilla.org/projects/security/pki/nss/tools

.

3. Update the server with this change by adding a property in the appropriate location, as

follows:

<property name=

"mytoken" value="&InstallDir;/mypkcs11.cfg"/>

The location for the property could be one of the following:

■

If the provider is for a DAS or server instance, add the property under the associated
<security-service>

.

■

If the provider is for a node agent, add the property under the associated
<node-agent>

element in the domain.xml file.

4. Restart the Enterprise Server.

The customized configurations will be in effect after the restart.

Using Hardware Crypto Accelerator With Enterprise Server

Chapter 9 • Configuring Security

125