Sun Microsystems 4000 Bedienungsanleitung

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

Zur Seite of

Richtige Gebrauchsanleitung

Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung Sun Microsystems 4000 an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von Sun Microsystems 4000, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.

Was ist eine Gebrauchsanleitung?

Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung Sun Microsystems 4000 die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.

Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung Sun Microsystems 4000. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.

Was sollte also eine ideale Gebrauchsanleitung beinhalten?

Die Gebrauchsanleitung Sun Microsystems 4000 sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts Sun Microsystems 4000
- Den Namen des Produzenten und das Produktionsjahr des Geräts Sun Microsystems 4000
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts Sun Microsystems 4000
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen

Warum lesen wir keine Gebrauchsanleitungen?

Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von Sun Microsystems 4000 zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von Sun Microsystems 4000 und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service Sun Microsystems finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von Sun Microsystems 4000 zu überspringen, wie es bei der Papierform passiert.

Warum sollte man Gebrauchsanleitungen lesen?

In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts Sun Microsystems 4000, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.

Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von Sun Microsystems 4000 widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.

Inhaltsverzeichnis der Gebrauchsanleitungen

  • Seite 1

    Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U .S.A. 650-960-1300 Send comments about this document to: docfeedback@sun.com Sun™ Cr ypto Accelerator 4000 Board Installation and User’ s Guide P ar t No . 817-0431-10 May 2003, Re vision A[...]

  • Seite 2

    Please Recycle Copyright 2003 Sun Microsystems, Inc., 4150 Network Cir cle, Santa Clara, CA 95054 U.S.A. All rights reserved. This product or document is distributed under licenses r estricting its use, copying, distribution, and decompilation. No part of this product or document may be repr oduced in any form by any means without prior written aut[...]

  • Seite 3

    iii Declaration of Conformity (Fiber MMF) EMC European Union This equipment complies with the following r equirements of the EMC Directive 89/336/EEC: As T elecommunication Network Equipment (TNE) in both T elecom Centers and Other Than T elecom Centers per (as applicable): As information T echnology Equipment (ITE) Class B per (as applicable): Saf[...]

  • Seite 4

    iv Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Supplementary Information This product was tested and complies with all the r equirements for the CE Mark. Declaration of Conformity (Copper UTP) EMC European Union This equipment complies with the following r equirements of the EMC Directive 89/336/EEC: As T elecommu[...]

  • Seite 5

    v As information T echnology Equipment (ITE) Class B per (as applicable): Safety This equipment complies with the following r equirements of the Low V oltage Directive 73/23/EEC: Supplementary Information This product was tested and complies with all the r equirements for the CE Mark. EN61000-4-2 6 kV (Direct), 8 kV (Air) EN61000-4-3 3 V/m 80-1000M[...]

  • Seite 6

    vi Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003[...]

  • Seite 7

    vii Regulatory Compliance Statements Y our Sun product is marked to indicate its compliance class: • Federal Communications Commission (FCC) — USA • Industry Canada Equipment Standard for Digital Equipment (ICES-003) — Canada • V oluntary Control Council for Interfer ence (VCCI) — Japan • Bureau of Standar ds Metrology and Inspection [...]

  • Seite 8

    viii Sun Crypto Accelerator 4000 Board Installation and User’s Guide • Ma y 2003 ICES-003 Class A Notice - A vis NMB-003, Classe A This Class A digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada. ICES-003 Class B Notice - A vis NMB-003, Classe B This Class B digit[...]

  • Seite 9

    ix BSMI Class A Notice The following statement is applicable to products shipped to T aiwan and marked as Class A on the product compliance label.[...]

  • Seite 10

    x Sun Crypto Accelerator 4000 Board Installation and User’s Guide • Ma y 2003[...]

  • Seite 11

    xi Contents 1. Product Overview 1 Product Features 1 Key Protocols and Interfaces 1 Key Features 2 Supported Applications 2 Supported Cryptographic Protocols 2 Diagnostic Support 3 Cryptographic Algorithm Acceleration 3 Supported Cryptographic Algorithms 3 Bulk Encryption 4 Hardware Overview 5 IPsec Hardwar e Acceleration 5 Sun Crypto Accelerator 4[...]

  • Seite 12

    xii Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Required Patches 10 Apache W eb Server Patch 10 Solaris 8 Patches 1 1 Solaris 9 Patches 1 1 2. Installing the Sun Crypto Accelerator 4000 Board 13 Handling the Board 13 Installing the Board 14 ▼ T o Install the Hardwar e 14 Installing the Sun Crypto Accelerator 400[...]

  • Seite 13

    Contents xiii Noninteractive and Interactive Modes 34 Setting Autonegotiation or Forced Mode 36 ▼ T o Disable Autonegotiation Mode 37 Setting Parameters Using the vca.conf File 38 ▼ T o Set Driver Parameters Using a vca.conf File 38 Setting Parameters for All Sun Crypto Accelerator 4000 vca Devices W ith the vca.conf File 39 ▼ T o Set Paramet[...]

  • Seite 14

    xiv Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Logging In to a New Board 59 Logging In to a Board W ith a Changed Remote Access Key 60 vcaadm Prompt 61 Logging Out of a Board W ith vcaadm 61 Entering Commands With vcaadm 63 Getting Help for Commands 64 Quitting the vcaadm Program in Interactive Mode 65 Initializi[...]

  • Seite 15

    Contents xv Displaying Board Status 77 Loading New Firmware 78 Resetting a Sun Crypto Accelerator 4000 Board 78 Rekeying a Sun Crypto Accelerator 4000 Board 79 Zeroizing a Sun Crypto Accelerator 4000 Boar d 80 Using the vcaadm diagnostics Command 80 Using vcadiag 81 5. Conf iguring Sun ONE Server Software for Use W ith the Sun Crypto Accelerator 40[...]

  • Seite 16

    xvi Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Installing and Configuring Sun ONE Web Server 6.0 101 Installing Sun ONE W eb Server 6.0 101 ▼ T o Install Sun ONE W eb Server 6.0 101 ▼ T o Create a T rust Database 102 ▼ T o Generate a Server Certificate 104 ▼ T o Install the Server Certificate 107 Configur[...]

  • Seite 17

    Contents xvii ▼ Performing the Ethernet FCode Self-T est Diagnostic 129 Troubleshooting the Sun Crypto Accelerator 4000 Board 132 show-devs 132 .properties 133 watch-net 134 A. Specif ications 135 Sun Crypto Accelerator 4000 MMF Adapter 135 Connectors 135 Physical Dimensions 137 Performance Specifications 137 Power Requirements 137 Interface Spec[...]

  • Seite 18

    xviii Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 E. Manual Pages 161 F . Zeroizing the Hardware 163 Zeroizing the Sun Crypto Accelerator 4000 Hardware to the Factory State 163 ▼ T o Zeroize the Sun Crypto Accelerator 4000 Boar d W ith the Hardwar e Jumper 164 G. Frequently Asked Questions 167 How Do I Configur [...]

  • Seite 19

    xix T ables TABLE 1-1 IPsec Cryptographic Algorithms 3 TABLE 1-2 SSL Cryptographic Algorithms 3 TABLE 1-3 Supported SSL Algorithms 4 TABLE 1-4 Front Panel Display LEDs for the MMF Adapter 6 TABLE 1-5 Front Panel Display LEDs for the UTP Adapter 8 TABLE 1-6 Hardware and Software Requirements 10 TABLE 1-7 Required Solaris 8 Patches for Sun Crypto Acc[...]

  • Seite 20

    xx Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 TABLE 3-12 Cryptographic Driver Statistics 43 TABLE 3-13 Ethernet Driver Statistics 44 TABLE 3-14 TX and RX MAC Counters 45 TABLE 3-15 Current Ethernet Link Properties 47 TABLE 3-16 Read-Only vca Device Capabilities 47 TABLE 3-17 Read-Only Link Partner Capabilities 48[...]

  • Seite 21

    Tables xxi TABLE A-9 Performance Specifications 140 TABLE A-10 Power Requirements 140 TABLE A-11 Interface Specifications 141 TABLE A-12 Environmental Specifications 141 TABLE B-1 SSL Protocols 144 TABLE B-2 Available SSL Ciphers 145 TABLE B-3 SSL Aliases 146 TABLE B-4 Special Characters to Configure Cipher Preference 147 TABLE B-5 SSL Verify Clien[...]

  • Seite 22

    xxii Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003[...]

  • Seite 23

    xxiii Pr eface The Sun Crypto Accelerator 4000 Board Installation and User ’ s Guide lists the features, protocols, and interfaces of the Sun™ Crypto Accelerator 4000 boar d and describes how to install, configur e, and manage the board in your system. This book assumes that you are a network administrator with experience configuring one or mor[...]

  • Seite 24

    xxiv Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 ■ Chapter 7 describes how to test the Sun Crypto Accelerator 4000 board with the SunVTS diagnostic application and the onboard FCode self-test. This chapter also provides tr oubleshooting techniques with OpenBoot PROM commands. ■ Appendix A lists the specificati[...]

  • Seite 25

    Preface xxv T ypographic Conventions Shell Pr ompts T ypeface Meaning Examples AaBbCc123 The names of commands, files, and directories; on-scr een computer output Edit your .login file. Use ls -a to list all files. % You have mail . AaBbCc123 What you type, when contrasted with on-screen computer output % su Password: AaBbCc123 Book titles, new wor[...]

  • Seite 26

    xxvi Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Accessing Sun Documentation Online Y ou can view , print, or purchase a br oad selection of Sun documentation, including localized versions, at: http://www.sun.com/documentation Sun W elcomes Y our Comments Sun is interested in impr oving its documentation and welco[...]

  • Seite 27

    1 CHAPTER 1 Pr oduct Overview This chapter provides an overview of the Sun Crypto Accelerator 4000 board, and contains the following sections: ■ “Product Features” on page 1 ■ “Hardwar e Overview” on page 5 ■ “Hardwar e and Software Requirements” on page 10 Pr oduct Featur es The Sun Crypto Accelerator 4000 board is a Gigabit Ethe[...]

  • Seite 28

    2 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Key Featur es ■ Gigabit Ethernet with either copper or fiber interface ■ Accelerates IPsec and SSL cryptographic functions ■ Session establishment rate: up to 4300 operations per second ■ Bulk encryption rate: up to 800 Mbps ■ Provides up to 2048-bit RSA encr[...]

  • Seite 29

    Chapter 1 Product Overview 3 Diagnostic Support ■ User-executable self-test using OpenBoot™ PROM ■ SunVTS™ diagnostic tests Cryptographic Algorithm Acceleration The Sun Crypto Accelerator 4000 boar d accelerates cryptographic algorithms in both hardwar e and software. The reason for this complexity is that the cost of accelerating cryptogra[...]

  • Seite 30

    4 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 SSL Acceleration T ABLE 1-3 shows which SSL accelerated algorithms may be off-loaded to hardwar e and which software algorithms are pr ovided for Sun ONE and Apache W eb Servers. Bulk Encryption The Sun Crypto Accelerator 4000 bulk encryption feature for Sun ONE server[...]

  • Seite 31

    Chapter 1 Product Overview 5 Har dwar e Overview The Sun Crypto Accelerator 4000 hardwar e is a full size (4.2 inches x 12.283 inches) cryptographic accelerator PCI Gigabit Ethernet adapter that enhances the performance of IPsec and SSL on Sun servers. IPsec Har dware Acceleration The Sun Crypto Accelerator 4000 board encrypts and decrypts IPsec pa[...]

  • Seite 32

    6 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Sun Crypto Accelerator 4000 MMF Adapter The Sun Crypto Accelerator 4000 MMF adapter is a single-port Gigabit Ethernet fiber optics PCI bus car d. It operates in 1000 Mbps Ethernet networks only . FIGURE 1-1 Sun Crypto Accelerator 4000 MMF Adapter LED Displays See T ABL[...]

  • Seite 33

    Chapter 1 Product Overview 7 Sun Crypto Accelerator 4000 UTP Adapter The Sun Crypto Accelerator 4000 UTP adapter is a single-port Gigabit Ethernet copper-based PCI bus car d. It can be configured to operate in 10, 100, or 1000 Mbps Ethernet networks. FIGURE 1-2 Sun Crypto Accelerator 4000 UTP Adapter Init On if the security off icer has initialized[...]

  • Seite 34

    8 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 LED Displays See T ABLE 1-5 . Note – The service pack numbers (SP9 or SP1) are implied whenever Sun ONE W eb Server 4.1 or 6.0 is mentioned. T ABLE 1-5 Front Panel Display LEDs for the UTP Adapter Label Meaning if Lit Color Fault On when the board is HAL TED (fatal e[...]

  • Seite 35

    Chapter 1 Product Overview 9 Dynamic Reconf iguration and High A vailability The Sun Crypto Accelerator 4000 hardwar e and associated software provides the capability to work effectively on Sun platforms supporting Dynamic Reconfiguration (DR) and hot-plugging. During a DR or hot-plug operation, the Sun Crypto Accelerator 4000 software layer automa[...]

  • Seite 36

    10 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Har dwar e and Software Requir ements T ABLE 1-6 provides a summary of the har dware and software r equirements for the Sun Crypto Accelerator 4000 adapter . Requir ed Patches Refer to the Sun Crypto Accelerator 4000 Board Release Notes for additional required patch i[...]

  • Seite 37

    Chapter 1 Product Overview 11 Solaris 8 Patches The following tables list required and r ecommended Solaris 8 patches to use with this product. T ABLE 1-7 lists and describes required patches. Solaris 9 Patches There ar e currently no requir ed Solaris 9 patches. T ABLE 1-7 Required Solaris 8 Patches for Sun Crypto Accelerator 4000 Softwar e Patc h[...]

  • Seite 38

    12 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003[...]

  • Seite 39

    13 CHAPTER 2 Installing the Sun Crypto Accelerator 4000 Boar d This chapter describes how to install the Sun Crypto Accelerator 4000 hardware and software. This chapter includes the following sections: ■ “Handling the Board” on page 13 ■ “Installing the Board” on page 14 ■ “Installing the Sun Crypto Accelerator 4000 Software” on p[...]

  • Seite 40

    14 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Installing the Boar d Installing the Sun Crypto Accelerator 4000 board involves inserting the board into the system and loading the software tools. The hardwar e installation instructions include only general steps for installing the board. Refer to the documentation [...]

  • Seite 41

    Chapter 2 Installing the Sun Cr ypto Accelerator 4000 Board 15 T o determine whether the Sun Crypto Accelerator 4000 device properties ar e listed correctly: fr om the ok prompt, navigate to the device path and type .properties to display the list of properties. ok cd /pci@8,600000/network@1 ok .properties assigned-addresses 82000810 00000000 00102[...]

  • Seite 42

    16 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Installing the Sun Crypto Accelerator 4000 Softwar e The Sun Crypto Accelerator 4000 software is included on the Sun Crypto Accelerator 4000 CD. Y ou may need to download patches from the SunSolve web site. See “Required Patches” on page 10 for more information. ?[...]

  • Seite 43

    Chapter 2 Installing the Sun Cr ypto Accelerator 4000 Board 17 Y ou see the following files and dir ectories in the /cdrom/cdrom0 directory . The requir ed packages must be installed in a specific order and must be installed before installing any optional packages. Once the requir ed packages are installed, you can install and remove the optional p[...]

  • Seite 44

    18 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 2. Install the required software packages by typing: 3. (Optional) T o verify that the software is installed properly , run the pkginfo command. 4. (Optional) T o ensure that the driver is attached, you can run the prtdiag command. Refer to the prtdiag (1m) online man[...]

  • Seite 45

    Chapter 2 Installing the Sun Cr ypto Accelerator 4000 Board 19 T o install all of the optional software packages, type the following: Refer to T ABLE 2-1 for a description of the package contents of the optional packages in the previous examples. Dir ectories and Files T ABLE 2-2 shows the directories cr eated by the default installation of the Sun[...]

  • Seite 46

    20 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 FIGURE 2-1 Sun Crypto Accelerator 4000 Dir ectories and Files Note – Once you have installed the hardware and softwar e of the board, you need to initialize the board with conf iguration and keystore information. Refer to “Initializing the Sun Crypto Accelerator 4[...]

  • Seite 47

    Chapter 2 Installing the Sun Cr ypto Accelerator 4000 Board 21 Removing the Softwar e If you have created keystores (r efer to “Managing Keystores W ith vcaadm” on page 69), you must delete the keystore information that the Sun Crypto Accelerator 4000 board is conf igured with before r emoving the software. The zeroize command removes all key m[...]

  • Seite 48

    22 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Note – After installing or removing the SunVTS test ( SUNWvcav ) for the Sun Crypto Accelerator 4000 board, if SunVTS is already r unning it might be necessary to repr obe the system to update the available tests. See your SunVTS documentation for more information.[...]

  • Seite 49

    23 CHAPTER 3 Conf iguring Driver Parameters This chapter describes how to configure the vca device driver parameters used by both the Sun Crypto Accelerator 4000 UTP and MMF Ethernet adapters. This chapter contains the following sections: ■ “Sun Crypto Accelerator 4000 Ethernet Device Driver (vca) Parameters” on page 23 ■ “Setting vca Dri[...]

  • Seite 50

    24 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 with the remote end of the link (link partner) to select a common mode of operation for the speed , duplex , and link-clock parameters. The link-clock parameter is applicable only if the board is operating at a 1000 Mbps. The vca device can also be configur ed to oper[...]

  • Seite 51

    Chapter 3 Configuring Dr iver P arameters 25 Advertised Link Parameters The following parameters determine the transmit and receive speed and duplex link parameters to be advertised by the vca driver to its link partner . T ABLE 3-2 describes the operational mode parameters and their default values. Note – If a parameter ’s initial setting is 0[...]

  • Seite 52

    26 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 The Sun Crypto Accelerator 4000 UTP adapter advertised link parameters are differ ent from those of the Sun Crypto Accelerator 4000 MMF adapter as shown in T ABLE 3-2 . T ABLE 3-2 Operational Mode Parameters Parameter Description The following parameter is for both th[...]

  • Seite 53

    Chapter 3 Configuring Dr iver P arameters 27 If all of the previous parameters ar e set to 1, autonegotiation will use the highest speed possible. If all of the previous parameters are set to 0, you will r eceive the following error message: Note – In the previous example, vca0 is the Sun Crypto Accelerator 4000 board device name where the string[...]

  • Seite 54

    28 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Gigabit For ced Mode Parameter For Gigabit links, this parameter determines the link-master . Generally , switches are enabled as a link master; in which case, this parameter can remain unchanged. If this is not the case, then the link-master parameter can be used to [...]

  • Seite 55

    Chapter 3 Configuring Dr iver P arameters 29 have enable-ipg0 enabled might not have enough time on the network. Y ou can add the additional delay by setting the ipg0 parameter from 0 to 255, which is the media byte time delay . T ABLE 3-5 defines the enable-ipg0 and ipg0 parameters. The vca device supports the programmable interpacket gap paramete[...]

  • Seite 56

    30 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Interrupt Parameters T ABLE 3-7 describes the receive interrupt blanking values. Random Early Dr op Parameters These parameters provide the ability to drop packets based on the fullness of the receive FIFO. By default, this feature is disabled. When FIFO occupancy rea[...]

  • Seite 57

    Chapter 3 Configuring Dr iver P arameters 31 red-dv6to8k 0 to 255 Random early detection and packet drop vectors for when FIFO threshold is gr eater than 6,144 bytes and less than 8,192 bytes. Probability of dr op can be programmed on a 12.5 per cent granularity . For example, if bit 8 is set, the first packet out of every eight will be dropped in [...]

  • Seite 58

    32 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 PCI Bus Interface Parameters These parameters allow you to modify PCI interface features to gain better PCI interperformance for a given application. T ABLE 3-9 PCI Bus Interface Parameters Parameter Description tx-dma-weight Determines the multiplication factor for g[...]

  • Seite 59

    Chapter 3 Configuring Dr iver P arameters 33 Setting vca Driver Parameters Y ou can set the vca device driver parameters in two ways: ■ Using the ndd utility ■ Using the vca.conf file If you use the ndd utility , the parameters are valid only until you reboot the system. This method is good for testing parameter settings. T o set parameters so [...]

  • Seite 60

    34 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Note – In the examples in this user ’s guide, N represents the instance number of the device. The device remains selected until you change the selection. Noninteractive and Interactive Modes Y ou can use the ndd utility in two modes: ■ Noninteractive ■ Interac[...]

  • Seite 61

    Chapter 3 Configuring Dr iver P arameters 35 Using the ndd Utility in Interactive Mode ● T o modify a parameter value in interactive mode, specify ndd /dev/vca ,a s shown below . The ndd utility then prompts you for the name of the parameter: After typing the parameter name, the ndd utility prompts you for the parameter value (see T ABLE 3-1 thro[...]

  • Seite 62

    36 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 ● T o list all the parameters supported by the vca driver , type ndd /dev/vca . (See T ABLE 3-1 through T ABLE 3-9 for parameter descriptions.) Setting Autonegotiation or Forced Mode The following link parameters can be set to operate in either autonegotiation or fo[...]

  • Seite 63

    Chapter 3 Configuring Dr iver P arameters 37 By default, autonegotiation mode is enabled for these link parameters. When either of these parameters are in autonegotiation mode, the vca device communicates with the link partner to negotiate a compatible value and flow control capability . When a value other than auto is set for either of these param[...]

  • Seite 64

    38 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Setting Parameters Using the vca.conf File Y ou can also specify the driver parameter properties by adding entries to the vca.conf file in the /kernel/drv dir ectory . The parameter names are the same names listed in “Driver Parameter V alues and Definitions” on p[...]

  • Seite 65

    Chapter 3 Configuring Dr iver P arameters 39 The device path name in the first line of the pr evious example is ”/pci@8,600000/network@1” . Device path names are made up of three parts: device parent name, device node name, and device unit address. See T ABLE 3-10 . T o identify a PCI device unambiguously in the vca.conf file, use the entire de[...]

  • Seite 66

    40 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 ▼ T o Set Parameters for All Sun Crypto Accelerator 4000 vca Devices W ith the vca.conf File 1. Add a line in the vca.conf f ile to change the value of a parameter for all instances by entering parameter = value ; . The following example sets the adv-autoneg-cap par[...]

  • Seite 67

    Chapter 3 Configuring Dr iver P arameters 41 Enabling Autonegotiation or For ced Mode for Link Parameters W ith the OpenBoot PROM The following parameters can be configured to operate in autonegotiation or forced mode at the OpenBoot PROM (OBP) interface: T o establish a proper link, the speed , duplex , and link-clock (1000 Mbps only) parameters m[...]

  • Seite 68

    42 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 When the local link is operating in autonegotiation mode for the speed and duplex parameters at 100 Mbps and below and both full and half duplexes, then the link partner uses either the 100 Mbps or 10 Mbps speeds with either duplex. When the speed parameter is operati[...]

  • Seite 69

    Chapter 3 Configuring Dr iver P arameters 43 T o establish a forced mode for a speed of 10 Mbps and an autonegotiation mode for duplex, type the following at the OBP prompt: Y ou could also type the following at the OBP prompt to establish the same local link parameters as the previous example: Refer to the IEEE 802.3 documentation for further deta[...]

  • Seite 70

    44 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Ethernet Driver Statistics T ABLE 3-13 describes the Ethernet driver statistics. T ABLE 3-13 Ethernet Driver Statistics Parameter Description Stable or Unstable ipackets Number of inbound packets. Stable ipackets64 64-bit version of ipackets . Stable ierrors T otal pa[...]

  • Seite 71

    Chapter 3 Configuring Dr iver P arameters 45 T ABLE 3-14 describes the transmit and receive MAC counters. T ABLE 3-14 TX and RX MAC Counters Parameter Description Stable or Unstable tx-collisions 16-bit loadable counter increments for every frame transmission attempt that resulted in a collision. Stable tx-first-collisions 16-bit loadable counter i[...]

  • Seite 72

    46 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 tx-underrun 16-bit loadable counter increments after a valid frame has been received fr om the network. Unstable rx-length-err 16-bit loadable counter increments after a frame, whose length is greater than the value that was programmed in the Maximum Frame Size Regist[...]

  • Seite 73

    Chapter 3 Configuring Dr iver P arameters 47 The following Ethernet properties ( T ABLE 3-15 ) ar e derived from the intersection of device capabilities and the link partner capabilities. T ABLE 3-15 describes the current Ethernet link pr operties. T ABLE 3-16 describes the read-only Media Independent Interface (MII) capabilities. These parameters [...]

  • Seite 74

    48 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Reporting the Link Partner Capabilities T ABLE 3-17 describes the read-only link partner capabilities. cap-10fdx Local interface full-duplex capability 0 = Not 10 Mbps full-duplex capable 1 = 10 Mbps full-duplex capable Stable cap-10hdx Local interface half-duplex cap[...]

  • Seite 75

    Chapter 3 Configuring Dr iver P arameters 49 If the link partner is not capable of autonegotiation (when lp-cap-autoneg is 0), the remaining information described in T ABLE 3-17 is not relevant and the parameter value is 0. If the link partner is capable of autonegotiation (when lp-cap-autoneg is 1), then the speed and mode information is displayed[...]

  • Seite 76

    50 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 tx-queue3 Number of packets queued for transmission on the fourth hardwar e transmit queue. Unstable Ethernet Receive Counters rx-hdr-pkts Number of packets received that wer e less than 256 bytes. Unstable rx-mtu-pkts Number of packets received that wer e greater tha[...]

  • Seite 77

    Chapter 3 Configuring Dr iver P arameters 51 ▼ T o Check Link Partner Settings ● As superuser , type the kstat vca: N command: Note – In the previous example, N is the instance number of the vca device. This number should ref lect the instance number of the board for which you are running the kstat command. rx-rel-flow Number of times the dri[...]

  • Seite 78

    52 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Network Conf iguration This section describes how to edit the network host files after the adapter has been installed on your system. Conf iguring the Network Host Files After installing the driver software, you must cr eate a hostname.vca N file for the adapter ’s [...]

  • Seite 79

    Chapter 3 Configuring Dr iver P arameters 53 T o use the vca interface of the example shown in Step 1, create an /etc/ hostname .vca N file, wher e N corresponds to the instance number of the device which is 0 in this example. If the instance number were 1, the file name would be /etc/ hostname .vca1 . ■ Do not create an /etc/ hostname .vca N f i[...]

  • Seite 80

    54 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003[...]

  • Seite 81

    55 CHAPTER 4 Administering the Sun Crypto Accelerator 4000 Boar d W ith the vcaadm and vcadiag Utilities This chapter provides an overview of the vcaadm and vcadiag utilities. The following sections are included: ■ “Using vcaadm” on page 55 ■ “Logging In and Out W ith vcaadm” on page 58 ■ “Entering Commands W ith vcaadm” on page 6[...]

  • Seite 82

    56 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 The vcaadm command-line syntax is: ■ vcaadm [-H] ■ vcaadm [-y] [-h host ] [-p port ] [-d vca N ] [-f filename ] ■ vcaadm [-y] [-h host ] [-p port ] [-d vca N ] [-s sec_officer ] command Note – When using the -d attribute, vca N is the board’s device name wh[...]

  • Seite 83

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 57 Note – T o use vcaadm , you must authenticate as security officer . How often you need to authenticate as security officer is determined by which operating mode you are using. Single-Command Mode In Single-Command mode, you must authenticate as[...]

  • Seite 84

    58 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 T o enter commands in File mode, you specify a file from which vcaadm reads one or more commands. The f ile must be ASCII text, consisting of one command per line. Begin each comment with a pound sign (#) character . If the File mode option is set, vcaadm ignores any [...]

  • Seite 85

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 59 Logging In to a Boar d W ith vcaadm If the security off icer connects to a new board, vcaadm will notify the security officer and prompt the following options: If the security off icer connects to a board that has a remote access key that has bee[...]

  • Seite 86

    60 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 When connecting to a new board, vcaadm must create a new entry in the tr ust database. The following is an example of logging in to a new board. Logging In to a Board W ith a Changed Remote Access Key When connecting to a board that has a changed remote access key , v[...]

  • Seite 87

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 61 vcaadm Prompt The vcaadm prompt in Interactive mode is displayed as follows: The following table describes the vcaadm prompt variables: Logging Out of a Boar d W ith vcaadm If you are working in Interactive mode, you may want to disconnect from o[...]

  • Seite 88

    62 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 In the previous example, notice the vcaadm> pr ompt no longer displays the device instance number , hostname, or security of ficer name. T o log in to another device, type the connect command with the following optional parameters. Example: vcaadm will not let you [...]

  • Seite 89

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 63 Entering Commands W ith vcaadm The vcaadm program has a command language that must be used to interact with the Sun Crypto Accelerator 4000 board. Commands are enter ed using all or part of a word (enough to uniquely identify that word fr om any [...]

  • Seite 90

    64 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Getting Help for Commands vcaadm has built-in help functions. T o get help, you must enter a question mark (?) character following the command you want more help on. If an entire command is entered and a “?” exists anywher e on the line, you will get the syntax fo[...]

  • Seite 91

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 65 When not in vcaadm Interactive mode, the “?” character could be interpreted by the shell in which you are working. In this case, be sure to use the command shell escape character before the question mark. Quitting the vcaadm Pr ogram in Inter[...]

  • Seite 92

    66 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 ▼ T o Initialize the Su n Crypto Accelerator 4000 Boar d W ith a New Keystore 1. Enter vcaadm at a command prompt of the system with the Sun Crypto Accelerator 4000 board installed or enter vcaadm -h hostname if the system is remote, and select 1 to initialize the b[...]

  • Seite 93

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 67 Note – Before an essential parameter is changed or deleted, or before a command is executed that may have drastic consequences, vcaadm prompts you to enter Y , Yes , N ,o r No to conf irm. These values are not case sensitive; the default is No [...]

  • Seite 94

    68 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 ▼ T o Initialize the Su n Crypto Accelerator 4000 Boar d to Use an Existing Keystore 1. Enter vcaadm at a command prompt of the system with the Sun Crypto Accelerator 4000 board installed or enter vcaadm -h hostname if the system is remote, and select 2 to restore t[...]

  • Seite 95

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 69 Managing Keystor es W ith vcaadm A keystore is a r epository for key material. Associated with a keystore are security off icers and users. Keystores not only provide storage, but a means for key objects to be owned by user accounts. This enables[...]

  • Seite 96

    70 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Setting the Password Requir ements Use the set passreq command to set the password r equirements for the Sun Crypto Accelerator 4000 board. This command sets the password character requir ements for any password prompted by vcaadm . There ar e three settings for passw[...]

  • Seite 97

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 71 When creating a security of ficer , the name is an optional parameter on the command line. If the security off icer name is omitted, vcaadm will prompt you for the name. (See “Naming Requirements” on page 69.) Populating a Keystor e W ith Use[...]

  • Seite 98

    72 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Note – The user account is logged out if no commands are entered for mor e than five minutes. This is a tunable option; see “Setting the Auto-Logout T ime” on page 76 for details. Listing Users and Security Of ficers T o list users or security off icers associat[...]

  • Seite 99

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 73 Enabling or Disabling Users Note – Security off icers cannot be disabled. Once a security officer is cr eated, it is enabled until it is deleted. By default each user is created in the enabled state. Users may be disabled. Disabled users cannot[...]

  • Seite 100

    74 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Deleting Users Issue the delete user command and specify the user to be deleted. When deleting a user , the user name is an optional parameter on the command line. If the user name is omitted, vcaadm will prompt you for the user name. Deleting Security Of ficers Issue[...]

  • Seite 101

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 75 A password must be set for the backup data. This password is used to encrypt the master key that is in the backup file. Caution – Y ou should choose a password that is very dif ficult to guess when making backup files because this password pr o[...]

  • Seite 102

    76 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Managing Boar ds W ith vcaadm This section describes how to manage Sun Crypto Accelerator 4000 boards with the vcaadm utility . Setting the Auto-Logout T ime T o customize the amount of time before a security off icer is automatically logged out of the board, use the [...]

  • Seite 103

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 77 Displaying Boar d Status T o get the current status of a Sun Crypto Accelerator 4000 boar d, issue the show status command. This displays the hardware and f irmware versions for that board, the MAC address of the network interface, the status (Up[...]

  • Seite 104

    78 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Loading New Firmwar e It is possible to update the firmwar e for the Sun Crypto Accelerator 4000 board as new features ar e added. T o load firmware, issue the loadfw command and provide a path to the firmwar e file. A successful update of the firmwar e requires you t[...]

  • Seite 105

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 79 Rekeying a Sun Crypto Accelerator 4000 Boar d Over time, it may be necessary because of your security policy to use new keys as the master key or remote access key . The rekey command allows you to regenerate either of these keys, or both. Rekeyi[...]

  • Seite 106

    80 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Zer oizing a Sun Crypto Accelerator 4000 Board In some situations, it might be necessary to clear a board of all its key material. This can be done using two methods. The first method is with a har dware jumper; this form of zeroizing will r eturn the Sun Crypto Accel[...]

  • Seite 107

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 81 bus, the DMA controller , and other hardware internals. T ests for the cryptographic subsystem cover random number generators and cryptographic accelerators. T ests on the network subsystem cover the vca device. Using vcadiag The vcadiag program [...]

  • Seite 108

    82 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 T ABLE 4-1 shows the options for the vcadiag utility. The following is an example of the -D option: The following is an example of the -F option: T ABLE 4-7 vcadiag Options Option Meaning -D vca N Performs diagnostics on the Sun Crypto Accelerator 4000 boar d. -F vca [...]

  • Seite 109

    Chapter 4 Administering the Sun Cr ypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities 83 The following is an example of the -K option: The following is an example of the -Q option: The following is an example of the -R option: The following is an example of the -Z option: # vcadiag -K vca0 Device: vca0 Key Length: 1024 bits Key Finge[...]

  • Seite 110

    84 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003[...]

  • Seite 111

    85 CHAPTER 5 Conf iguring Sun ONE Server Softwar e for Use W ith the Sun Crypto Accelerator 4000 Boar d This chapter explains how to configure the Sun Crypto Accelerator 4000 board for use with Sun ONE W eb Servers. This chapter includes the following sections: ■ “Administering Security for Sun ONE W eb Servers” on page 85 ■ “Configuring [...]

  • Seite 112

    86 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Concepts and T erminology Keystores and users must be cr eated for applications that communicate with the Sun Crypto Accelerator 4000 board through a PKCS#1 1 interface, such as the Sun ONE W eb Server . Users, within the context of the Sun Crypto Accelerator 4000, ar[...]

  • Seite 113

    Chapter 5 Configuring Sun ONE Ser ver Softw are for Use With the Sun Crypto Accelerator 4000 Board 87 T okens and T oken Files Keystores appear to Sun ONE W eb Servers as tokens . T oken f iles are a technique for Sun Crypto Accelerator 4000 administrators to selectively present only specific tokens to a given application. Example There ar e three [...]

  • Seite 114

    88 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 The following is an example of the contents in a token file: Note – Comments are pr eceded by a pound sign (#) and empty lines are acceptable. If none of the files described in this subsection are found, then the default method described in “T okens and T oken Fil[...]

  • Seite 115

    Chapter 5 Configuring Sun ONE Ser ver Softw are for Use With the Sun Crypto Accelerator 4000 Board 89 Conf iguring Sun ONE W eb Servers This section describes the following: ■ “Passwords” on page 89 ■ “Populating a Keystore” on page 90 ■ “Overview for Enabling Sun ONE W eb Servers” on page 91 ■ “Installing and Configuring Sun [...]

  • Seite 116

    90 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Populating a Keystor e Before you can enable the boar d for use with a Sun ONE W eb Server , you must first initialize the board and populate the board’s keystor e with at least one user . The keystore for the boar d is created during the initialization process. Y o[...]

  • Seite 117

    Chapter 5 Configuring Sun ONE Ser ver Softw are for Use With the Sun Crypto Accelerator 4000 Board 91 4. Create a user with the create user command. The username and password created her e collectively make the username:password (See T ABLE 5-1 ). Y ou must use this password when authenticating during a web server startup. This is the keystore pass[...]

  • Seite 118

    92 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Installing and Conf iguring Sun ONE W eb Server 4.1 This section explains how to install and configure Sun ONE W eb Server 4.1. This chapter includes the following sections: ■ “Installing Sun ONE W eb Server 4.1” on page 92 ■ “Configuring Sun ONE W eb Server[...]

  • Seite 119

    Chapter 5 Configuring Sun ONE Ser ver Softw are for Use With the Sun Crypto Accelerator 4000 Board 93 ▼ T o Create a T rust Database 1. Start the Sun ONE W eb Server 4.1 Administration Server . Instead of running startconsole as setup requests, start a Sun ONE W eb Server 4.1 Administration Server , use the following command: The response pr ovid[...]

  • Seite 120

    94 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Note – If you want to run Secure Socket Layer (SSL) on the Sun ONE W eb Server 4.1 Administration Server server as well, the process of setting up a trust database is similar . Refer to the iPlanet Web Server , Enterprise Edition Administrator ’ s Guide at http://[...]

  • Seite 121

    Chapter 5 Configuring Sun ONE Ser ver Softw are for Use With the Sun Crypto Accelerator 4000 Board 95 8. T ype y and press Return when prompted, if you want to proceed. 9. T ype 0 to quit. ▼ T o Generate a Server Certificate 1. Restart the Sun ONE W eb Server 4.1 Administration Server by typing the following commands: The response pr ovides the U[...]

  • Seite 122

    96 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 4. T o request the server certif icate, select the Security tab near the top of the Sun ONE W eb Server 4.1 Administration Server window ( FIGURE 5-1 ). The Create T rust Database page is displayed. 5. Select the Request a Certif icate link on the left pane ( FIGURE 5[...]

  • Seite 123

    Chapter 5 Configuring Sun ONE Ser ver Softw are for Use With the Sun Crypto Accelerator 4000 Board 97 b. Select the Cryptographic Module you want to use. Each keystore has its own entry in this pull-down menu. Be sure that you select the correct keystor e. Do not select SUNW acceleration only . c. In the Key Pair File Password dialog box, provide t[...]

  • Seite 124

    98 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 ▼ T o Install the Server Certificate 1. Select the Install Certif icate link on the left side of the Sun ONE W eb Server 4.1 Administration Server window . Once your request has been approved by a certif icate authority and a certificate has been issued, you must in[...]

  • Seite 125

    Chapter 5 Configuring Sun ONE Ser ver Softw are for Use With the Sun Crypto Accelerator 4000 Board 99 4. Fill out the form to install your certif icate: 5. Paste the certif icate you copied from the certif icate authority (in Step 8 of the “T o Generate a Server Certif icate” on page 95) into the Message box. Y ou are shown some basic informati[...]

  • Seite 126

    100 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 4. Set encryption to On. The Port field in the dialog box should update to the default SSL port number 443. Alter the port number if necessary . 5. Select the OK button. 6. Apply these changes by selecting the Save button. The web server is now configur ed to run in [...]

  • Seite 127

    Chapter 5 Configuring Sun ONE Ser ver Softw are for Use With the Sun Crypto Accelerator 4000 Board 101 Note – The default server_port is 443. Installing and Conf iguring Sun ONE W eb Server 6.0 This section explains how to enable the Sun Crypto Accelerator 4000 board for use with Sun ONE 6.0 W eb Servers. This section includes the following: ■ [...]

  • Seite 128

    102 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 c. Enter the Sun ONE W eb Server 6.0 Administration Server password twice. d. Press Return when prompted. ▼ T o Create a T rust Database 1. Start the Sun ONE W eb Server 6.0 Administration Server . T o start a Sun ONE W eb Server 6.0 Administration Server , use the[...]

  • Seite 129

    Chapter 5 Configuring Sun ONE Ser ver Softw are for Use With the Sun Crypto Accelerator 4000 Board 103 a. Select the Servers tab in the Sun ONE W eb Server 6.0 Administration Server window . b. Select a server and select the Manage button. c. Select the Security tab near the top of the page and select the Create Database link. d. Enter a password ([...]

  • Seite 130

    104 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 8. T ype y and press Return when prompted, if you want to proceed. 9. T ype 0 to quit. ▼ T o Generate a Server Certificate 1. Restart the Sun ONE W eb Server 6.0 Administration Server by typing the following commands: The response pr ovides the URL for connecting t[...]

  • Seite 131

    Chapter 5 Configuring Sun ONE Ser ver Softw are for Use With the Sun Crypto Accelerator 4000 Board 105 4. T o request the server certif icate, select the Security tab near the top of Sun ONE W eb Server 6.0 Administration Server window . The Create T rust Database window is displayed. 5. Select the Request a Certif icate link on the left pane of th[...]

  • Seite 132

    106 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 b. Select the Cryptographic Module you want to use. Each keystore has its own entry in this pull-down menu. Be sure that you select the correct keystor e. Do not select SUNW acceleration only . c. In the Key Pair File Password dialog box, provide the password for the[...]

  • Seite 133

    Chapter 5 Configuring Sun ONE Ser ver Softw are for Use With the Sun Crypto Accelerator 4000 Board 107 ▼ T o Install the Server Certificate 1. Select the Install Certif icate link on the left side of the Sun ONE W eb Server 6.0 Administration Server window . Once your request has been appr oved by a certificate authority and a certificate has bee[...]

  • Seite 134

    108 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 4. Fill out the form to install your certif icate: 5. Paste the certif icate you copied from the certif icate authority (in Step 8 of the “T o Generate a Server Certif icate” on page 104) into the Message text box. Y ou are shown some basic information about the [...]

  • Seite 135

    Chapter 5 Configuring Sun ONE Ser ver Softw are for Use With the Sun Crypto Accelerator 4000 Board 109 ■ Port : Set to the port on which you will be running your SSL-enabled web server (usually this is port 443). ■ Security : Set to On. b. Select the OK button to apply these changes. In the security field of the Edit Listen Sockets page, there [...]

  • Seite 136

    110 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 At the Module keystore_name pr ompt, enter the username:password . Enter the username:password for other keystores as pr ompted. 12. V erify the new SSL-enabled web server at the following URL: https:// hostname.domain:server_port / Note – The default server_port i[...]

  • Seite 137

    111 CHAPTER 6 Conf iguring Apache W eb Servers for Use W ith the Sun Crypto Accelerator 4000 Boar d This chapter explains how to configure the Sun Crypto Accelerator 4000 board for use with Apache W eb Servers. This chapter includes the following sections: ■ “Enabling the Board for Apache W eb Servers” on page 1 12 ■ “Enabling Apache W eb[...]

  • Seite 138

    112 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Enabling the Boar d for Apache W eb Servers This section provides an overview of how to enable the Sun Crypto Accelerator 4000 board for use with Apache W eb Servers. Enabling Apache W eb Servers Apache W eb Server 1.3.26 or later is required for use with the Sun Cry[...]

  • Seite 139

    Chapter 6 Configuring Apache Web Servers f or Use With the Sun Cr ypto Accelerator 4000 Board 113 4. Select 1 to conf igure your Apache W eb Server to use SSL: 5. Provide the directory where the Apache binaries exist. On Solaris systems, this is usually /usr/apache . 6. Provide the location of the conf iguration f iles for Apache. On Solaris system[...]

  • Seite 140

    114 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 9. Choose a base name for the key material. This name is appended with differ ent suffixes to distinguish key f iles, certificate request f iles and later on, certificate files fr om one another . 10. Provide a key length between 512 and 2048 bits. For most web serve[...]

  • Seite 141

    Chapter 6 Configuring Apache Web Servers f or Use With the Sun Cr ypto Accelerator 4000 Board 115 ▼ T o Create a Certif icate 1. Create a certif icate request using the keys you created in “T o Enable the Apache W eb Server” on page 1 12. Y ou must first enter the passwor d to access your keys. Then provide the appropriate information for the[...]

  • Seite 142

    116 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 2. Modify the /etc/apache/httpd.conf f ile as directed. Y ou are shown information concerning your key and certif icate files. Y ou are also instructed on how to modify the /etc/apache/httpd.conf file for use with the Sun Crypto Accelerator 4000 software. Note – Th[...]

  • Seite 143

    Chapter 6 Configuring Apache Web Servers f or Use With the Sun Cr ypto Accelerator 4000 Board 117 3. If you chose not to set up a VirtualHost , you must place the SSLEngine , SSLCertificateFile , and SSLCertificateKeyFile directives in the httpd.conf f ile, just above the SSLPassPhraseDialog directive. If you answered no to the question in Step 7 o[...]

  • Seite 144

    118 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 5. Copy your certif icate request with the headers from /etc/apache/keys/ base_name -certreq.pem (where base_name was set in Step 9 of “T o Enable the Apache W eb Server” on page 1 12) and hand it off to your certif icate authority . 6. Once the certif icate is g[...]

  • Seite 145

    119 CHAPTER 7 Diagnostics and T r oubleshooting This chapter describes diagnostic tests and troubleshooting for the Sun Crypto Accelerator 4000 software. This chapter includes the following sections: ■ “SunVTS Diagnostic Software” on page 1 19 ■ “Using kstat to Determine Cryptographic Activity” on page 128 ■ “Using the OpenBoot PROM[...]

  • Seite 146

    120 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Installing SunVTS netlbtest and nettest Support for the vca Driver T ABLE 7-1 shows the method of updating installed SunVTS software to provide SunVTS netlbtest and nettest support for the vca driver . SunVTS software is delivered on the Solaris Softwar e Supplement [...]

  • Seite 147

    Chapter 7 Diagnostics and T roubleshooting 121 Using the patchadd command to install patch 1 13614-1 1 is the equivalent of replacing the pr eviously installed SunVTS packages with the SunVTS5.1ps2 packages. The replacement packages ar e available at: http://www.sun.com/oem/products/vts/ The overlay patches are available at: http://sunsolve.sun.com[...]

  • Seite 148

    122 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Note – Physical mode is supported; however , this pr ocedure assumes you are using Logical mode. 3. Disable all tests by clearing their check boxes. 4. Select the check box for Cryptography , then select the plus box for Cryptography to display all tests in the Cry[...]

  • Seite 149

    Chapter 7 Diagnostics and T roubleshooting 123 T est Parameter Options for vcatest T ABLE 7-2 describes the vcatest subtests. vcatest Command-Line Syntax If you choose to perform vcatest from the command line instead of the CDE interface, then all arguments must be specified in the command-line string. In 32-bit mode, the path to vcatest is /opt/SU[...]

  • Seite 150

    124 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 The following is an example of invoking vcatest in 64-bit mode from the SunVTS infrastructure. The following command tests RSA, DSA, and MD5 on vca2 : When performing vcatest from the command line, omission of an option produces the default behavior for that option, [...]

  • Seite 151

    Chapter 7 Diagnostics and T roubleshooting 125 5. Clear check boxes in the Network group that are not named vca N (netlbtest) . Note that N specif ies the placement of the instance number of the device under test. ■ If a vca N (netlbtest) is displayed, then go to Step 6. ■ If a vca N (netlbtest) is not displayed, probe the system to find it by [...]

  • Seite 152

    126 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Refer to the SunVTS user ’s guide for detailed startup instructions. The following instructions assume that SunVTS was started using the CDE user interface. 2. On the SunVTS Diagnostic main window , set the System Map to Logical mode. Note – Physical mode is also[...]

  • Seite 153

    Chapter 7 Diagnostics and T roubleshooting 127 This action removes the dialog box and returns you to the SunVTS Diagnostic main window . 8. Select one of the instances of vca N (nettest) , then right-click and drag to display the T est Execution Options dialog box. An alternate method of displaying T est Execution Options dialog box is to select th[...]

  • Seite 154

    128 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Using kstat to Determine Cryptographic Activity The Sun Crypto Accelerator 4000 board does not contain lights or other indicators to ref lect cryptographic activity on the board. T o determine whether cryptographic work requests ar e actually being performed on the b[...]

  • Seite 155

    Chapter 7 Diagnostics and T roubleshooting 129 Note – If the nostats property is def ined in the /kernel/drv/vca.conf file, the capture and display of statistics will be disabled. This property may be used to help prevent traf fic analysis. Using the OpenBoot PROM FCode Self- T est The following tests are available to help identify problems with [...]

  • Seite 156

    130 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 3. Reset the system. 4. T ype show-nets to display the list of devices and enter a selection: Y ou should see a list of devices, similar to the example below , specific to the adapter: Note – T o perform the following self-test with the test command, the Ethernet p[...]

  • Seite 157

    Chapter 7 Diagnostics and T roubleshooting 131 Note – The Sun Crypto Accelerator 4000 UTP adapter self-test for a 1000 Mbps connection is not supported for use with an external loopback cable because the link-clock cannot be reconciled. For this test, the local and remote ports must reconcile as clock master and clock slave. If an external loopba[...]

  • Seite 158

    132 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 T r oubleshooting the Sun Crypto Accelerator 4000 Boar d This section describes the commands available at the OBP level for troubleshooting the board. Refer to the OpenBoot Command Reference Manual for more information on the commands described in the following subse[...]

  • Seite 159

    Chapter 7 Diagnostics and T roubleshooting 133 .properties T o determine whether the Sun Crypto Accelerator 4000 device properties ar e listed correctly: fr om the OBP prompt, type .properties to display the list of properties. ok .properties assigned-addresses 82000810 00000000 00102000 00000000 00002000 81000814 00000000 00000400 00000000 0000010[...]

  • Seite 160

    134 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 watch-net T o monitor a network connection: from the OBP prompt, type the apply watch- net command with the device path: The system monitors network traff ic, displaying “.” each time it receives an error- free packet and “X” each time it r eceives a packet w[...]

  • Seite 161

    135 APPENDIX A Specif ications This appendix lists the specifications for the Sun Crypto Accelerator 4000 MMF and UTP adapters. It contains the following sections: ■ “Sun Crypto Accelerator 4000 MMF Adapter” on page 135 ■ “Sun Crypto Accelerator 4000 UTP Adapter” on page 138 Sun Crypto Accelerator 4000 MMF Adapter This section provides [...]

  • Seite 162

    136 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 FIGURE A-1 Sun Crypto Accelerator 4000 MMF Adapter Connector T ABLE A-1 lists the characteristics of the SC connector (850 nm). T ABLE A-1 SC Connector Link Characteristics (IEEE P802.3z) Characteristic 62.5 Micron MMF 50 Micron MMF Operating range Up to 260 meters U[...]

  • Seite 163

    Appendix A Specifications 137 Physical Dimensions Performance Specif ications Power Requir ements T ABLE A-2 Physical Dimensions Dimension Measurement Metric Measurement Length 12.283 inches 312.00 mm W idth 4.200 inches 106.68 mm T ABLE A-3 Performance Specifications Feature Specification PCI clock 33/66 MHz max PCI data burst transfer rate Up to [...]

  • Seite 164

    138 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Interface Specif ications Envir onmental Specifications Sun Crypto Accelerator 4000 UTP Adapter This section provides the specif ications for the Sun Crypto Accelerator 4000 UTP adapter . Connectors FIGURE A-1 shows the connector for the Sun Crypto Accelerator 4000 U[...]

  • Seite 165

    Appendix A Specifications 139 FIGURE A-2 Sun Crypto Accelerator 4000 UTP Adapter Connector T ABLE A-7 lists the characteristics of the Cat-5 connector used by the Sun Crypto Accelerator 4000 UTP adapter . T ABLE A-7 Cat-5 Connector Link Characteristics Characteristic Description Operating range Up to 100 meters F AUL T LINK DIAG OPERA TE OWNED FIPS[...]

  • Seite 166

    140 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Physical Dimensions Performance Specif ications Power Requir ements T ABLE A-8 Physical Dimensions Dimension Measurement Metric Measurement Length 12.283 inches 312.00 mm W idth 4.200 inches 106.68 mm T ABLE A-9 Performance Specifications Feature Specification PCI cl[...]

  • Seite 167

    Appendix A Specifications 141 Interface Specif ications Envir onmental Specifications T ABLE A-11 Interface Specifications Feature Specification PCI clock 33 MHz or 66 MHz Host interface PCI 2.1 with support for 33 MHz or 66 MHz clock rate and 3.3V or 5V power PCI bus width 32 bits or 64 bits T ABLE A-12 Environmental Specif ications Condition Oper[...]

  • Seite 168

    142 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003[...]

  • Seite 169

    143 APPENDIX B SSL Conf iguration Dir ectives for Apache W eb Servers This appendix lists directives for using Sun Crypto Accelerator 4000 software to configur e SSL support for Apache W eb Servers. Configure dir ectives in your http.conf file. Refer to the Apache W eb Server documentation for more information. 1. SSLPassPhraseDialog exec: program [...]

  • Seite 170

    144 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 /etc/apache/ servername : port . keytype .pass . If this file is not pr esent, then the file /etc/apache/default.pass is used. These password f iles contain only the unencrypted password on a line by itself. Note – Password f iles should be protected by permissions[...]

  • Seite 171

    Appendix B SSL Configuration Directives f or Apache Web Servers 145 Using the plus (+) or minus (-) signs, protocols can be added or r emoved. For example, to disable support for SSLv2, the following directive could be used: The preceding statement is equivalent to: 4. SSLCipherSuite cipher-spec Context: Global, virtual host, directory , .htaccess [...]

  • Seite 172

    146 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 T ABLE B-3 lists and describes the aliases that provide macr o-like groupings. EXP-RC4-MD5 SSLv2 RSA (512 bit) RSA ARCFOUR (40-bit) MD5 export NULL-SHA SSLv3 RSA RSA None SHA1 NULL-MD5 SSLv3 RSA RSA None MD5 ADH-DES-CBC3-SHA SSLv3 DH None 3DES (168-bit) SHA1 ADH-DES-[...]

  • Seite 173

    Appendix B SSL Configuration Directives f or Apache Web Servers 147 The prefer ence of ciphers can be configured using the special characters listed and described in T ABLE B-4 . The default value of cipher-spec is SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP The default configur es all ciphers except anonymous (unauthenticated) D[...]

  • Seite 174

    148 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Certificates in the chain ar e assumed to be valid for client authentication as well, when client authentication ( SSLVerifyClient ) is used. 8. SSLCACertificateFile file Context: Global, virtual host This directive specif ies the location of a file containing the c[...]

  • Seite 175

    Appendix B SSL Configuration Directives f or Apache Web Servers 149 This directive specif ies a log file where SSL-specif ic information will be logged. If not specified (default), then no SSL-specific information will be logged. 13. SSLLogLevel level Context: Global, virtual host This directive specif ies the verbosity of the information logged in[...]

  • Seite 176

    150 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Options are listed and described in T ABLE B-7 . 15. SSLRequireSSL Context: Directory , .htaccess This directive forbids access in a given dir ectory unless HTTPS is used. Use the directive to guar d against misconfigurations that might otherwise leave a directory&ap[...]

  • Seite 177

    151 APPENDIX C Building Applications for Use W ith the Sun Crypto Accelerator 4000 Boar d This appendix describes the software supplied with the Sun Crypto Accelerator 4000, which can be used to build OpenSSL-compatible applications to take advantage of the cryptographic acceleration features of the Sun Crypto Accelerator 4000 board. Not all OpenSS[...]

  • Seite 178

    152 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Additionally , the linker must be directed to include refer ences to the appropriate libraries. Most OpenSSL-compatible applications reference either or both of the libcrypto.a and libssl.a libraries. The Sun cryptographic libraries must also be included. The followi[...]

  • Seite 179

    153 APPENDIX D Softwar e Licenses This appendix provides the Sun Binary Code License Agr eement and third-party software notices and licenses. Note – The third-party licenses and notices pr ovided in this appendix are included exactly as they are pr ovided by the owners of the software licenses and notices. Sun Microsystems, Inc. Binary Code Lice[...]

  • Seite 180

    154 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 licensed or intended for use in the design, construction, operation or maintenance of any nuclear facility . Sun disclaims any express or implied warranty of fitness for such uses. No right, title or interest in or to any trademark, service mark, logo or trade name o[...]

  • Seite 181

    Appendix D Software Licenses 155 9. GOVERNING LA W . Any action related to this Agreement will be governed by California law and controlling U.S. federal law . No choice of law rules of any jurisdiction will apply . 10. SEVERABILITY . If any provision of this Agreement is held to be unenforceable, this Agreement will r emain in effect with the prov[...]

  • Seite 182

    156 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Thir d Party License T erms OPENSSL LICENSE ISSUES The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are[...]

  • Seite 183

    Appendix D Software Licenses 157 OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT , INDIRECT , INCIDENT AL, SPECIAL, EXEMPLARY , OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SER VICES; LOSS OF USE, DA T A, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY ,[...]

  • Seite 184

    158 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 3. All advertising materials mentioning features or use of this softwar e must display the following acknowledgement: "This product includes cryptographic software written by Eric Y oung (eay@cryptsoft.com)" The word 'cryptographic' can be left ou[...]

  • Seite 185

    Appendix D Software Licenses 159 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this softwar e must display the following acknowledg[...]

  • Seite 186

    160 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003[...]

  • Seite 187

    161 APPENDIX E Manual Pages This appendix provides descriptions of the Sun Crypto Accelerator 4000 board commands and lists the online manual pages for each. The commands in this appendix are included with the Sun Crypto Accelerator 4000 softwar e. The online manual pages can be viewed with the following command: T ABLE E-1 lists and describes the [...]

  • Seite 188

    162 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 kcl2 (7d) The kcl2 device driver is a multithreaded loadable kernel module providing support for Sun cryptographic pr ovider drivers. The kcl2 driver requir es the presence of layer ed software for applications and kernel clients to access the provided services. apss[...]

  • Seite 189

    163 APPENDIX F Zer oizing the Har dwar e This appendix describes how to zeroize the Sun Crypto Accelerator 4000 boar d to the factory state which is the failsafe mode for the board. Caution – Y ou should use the procedures described in this appendix only if it is absolutely necessary . The zeroize command in vcaadm is appropriate if you need to r[...]

  • Seite 190

    164 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 ▼ T o Zer oize the Sun Crypto Accelerator 4000 Boar d W ith the Hardwar e Jumper 1. Power off the system. Note – For some systems, you can use dynamic reconf iguration (DR) to remove and replace the boar d as necessary for this procedure instead of powering off t[...]

  • Seite 191

    Appendix F Zeroizing the Hardware 165 4. Power on the system. Caution – When you power on the system after adjusting the Sun Crypto Accelerator 4000 board jumper , all firmware, key material, and conf iguration information is deleted. This process returns the boar d to the factory state and places the board in failsafe mode. 5. Power off the syst[...]

  • Seite 192

    166 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003[...]

  • Seite 193

    167 APPENDIX G Fr equently Asked Questions How Do I Configur e the W eb Server to Startup W ithout User Interaction on Reboot? Y ou can enable both Sun ONE and Apache W eb Servers to perform an unattended startup at reboot with an encrypted key . ▼ T o Create an Encrypted Key for Automatic Startup of Apache W eb Servers on Reboot 1. V erify that [...]

  • Seite 194

    168 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 Example: For a server named webserv101 running SSL on port 443 with an RSA key , you create the following file in /etc/apache : It is recommended to change the permissions and ownership of the password f ile as follows: Refer to the mod_SSL and OpenSSL documentation [...]

  • Seite 195

    Appendix G Frequently Ask ed Questions 169 ▼ T o Assign Differ ent MAC Addresses Fr om a T erminal W indow 1. Enter the following command: Note – W ith the “ local-mac-address? ” parameter set to true , all nonintegrated network interface devices use the local MAC address assigned to the product at the manufacturing facility . 2. Reboot the[...]

  • Seite 196

    170 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 ■ For Sun Crypto Accelerator 1000 version 1.0 software – Patch ID 1 12869-02 ■ For Sun Crypto Accelerator 1000 version 1.1 software – Patch ID 1 13355-01 T o configur e the Sun Crypto Accelerator 1000 for use with Apache 1.3.26 on a Solaris 9 system with the [...]

  • Seite 197

    Index 171 Index SYMBOLS $HOME/.vcaadm/trustdb ,5 8 .properties command, 133 .u extension, 17 /etc/apache/default.pass , 144 /etc/apache/ servername.port.keytype.pass , 144 /etc/driver_aliases file, 38 /etc/hostname.vcaN file, 53 /etc/hosts file, 53 /etc/opt/SUNWconn/vca/keydata ,1 9 /etc/path_to_inst file, 38 /kernel/drv/vca.conf file, 129 /opt/SUN[...]

  • Seite 198

    172 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 SSLRequireSSL , 150 SSLVerifyClient , 148 SSLVerifyDepth , 148 enabling, 1 12 enabling the board, 1 12 applications, building, 151 assigning an IP address, 52 auto-boot? configuration variable, 129, 131 autonegotiation, 23, 27 disabling, 37 pause capability, 27 setti[...]

  • Seite 199

    Index 173 enable-ipg0 ,2 8 enable-ipg0 parameter, 28 enabling Apache W eb Servers, 1 12 Sun ONE W eb Servers, 89 enabling Sun ONE W eb Servers, 91 etc/apache/default.pass , 144 etc/apache/ servername.port.keytype.pass , 144 etc/hostname.vcaN file, 53 etc/hosts file, 53 etc/path_to_inst file, 38 Ethernet driver operating statistics, 43 driver statis[...]

  • Seite 200

    174 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 K kernel statistic values, 128 kernel/drv/vca.conf file, 129 key length, 1 14 key objects, 69 keystore data, 19 keystores, 66, 67, 86 managing with vcaadm ,6 9 kstat command, 43, 51, 128 L libcrypto.a parameter, 152 libraries, cryptographic, 152 libssl.a parameter, 1[...]

  • Seite 201

    Index 175 P packages optional, 17 requir ed, 17 parallel-detection, 42 parameter values how to modify and display, 34 parameters, 25 8-bit vectors, 30 adv-asmpause-cap ,2 7 adv-autoneg-cap ,2 4 adv-pause-cap ,2 7 driver-specific, 49 early detecting 8-bit vectors, 30 early drop, 30 enable-ipg0 ,2 8 flow control, 27 forced mode, 28 Gigabit forced m[...]

  • Seite 202

    176 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 requir ed patches, 10 RSA keypair, 1 13 RX blanking register for alias r ead, 30 RX MAC counters, 45 RX random early detecting 8-bit vectors, 30 rx-intr-pkts , 25, 30 rx-intr-pkts parameter, 25, 30 rx-intr-time ,3 0 rx-intr-time parameter, 30 S security off icer acco[...]

  • Seite 203

    Index 177 software, 10 Solaris operating environments, 10 SSL algorithms, 4 T token files, 87 tokens, 87 transmit and receive pause capability, 27 transmit counters, 49 transmit MAC counters, 45 troubleshooting, 132 trust database creating Sun ONE Web Server 4.1, 93 Sun ONE Web Server 6.0, 102 vcaadm, 58 TX and RX MAC counters, 45 TX MAC counters, [...]

  • Seite 204

    178 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003 W watch-net command, 134 Z zeroize command, 163 zeroizing the har dware, 163[...]