The IBM® HTTP Server enables nCipher and Rainbow accelerator
devices by default. To disable your accelerator device, add the SSLAcceleratorDisable directive
to your configuration file.
Before you begin
When using the IBM e-business Cryptographic Accelerator,
or the IBM 4758, the user ID under which the Web server
runs must be a member of the PKCS11 group. You can create the PKCS11
group by installing the bos.pkcs11 package or
its updates. Change the Group directive in the configuration
file to group pkcs11.
About this task
If you want the IBM HTTP Server to use the PKCS11
interface, configure the following:
Procedure
- Stash your password to the PKCS11 device, or optionally
enable password prompting.
The stash file that the sslstash
command creates is completely independent of the stash file that often
accompanies a CMS KeyFile (*.kdb). Therefore, make sure that you:
- Do not overwrite an existing *.sth file when you issue the sslstash
command.
- Never choose a filename for the output of the sslstash command
that corresponds to the filename of a CMS KeyFile (*.kdb).
Syntax: sslstash [-c] <file> <function> <password> where:
- -c: Creates a new stash file. If not specified, an existing stash
file is updated.
- file: Represents a fully-qualified name of the file to create
or update.
- function: Represents the function for which the server uses the
password. Valid values include crl or crypto.
- password: Indicates the password to stash.
- Place the following directives in your configuration file.