The IBM® HTTP
Server enables nCipher and Rainbow accelerator devices by default. To disable
your accelerator device, add the SSLAcceleratorDisable directive to
your configuration file.
Before you begin
When using the IBM e-business Cryptographic Accelerator, or the IBM 4758,
the user ID under which the Web server runs must be a member of the PKCS11
group. You can create the PKCS11 group by installing the bos.pkcs11 package
or its updates. Change the Group directive in the configuration file
to group pkcs11.
About this task
If you want the IBM HTTP Server to use the PKCS11 interface, configure
the following:
Procedure
- Stash your password to the PKCS11 device, or optionally enable
password prompting: Syntax: sslstash [-c] <file> <function> <password> where:
- -c: Creates a new stash file. If not specified, an existing stash file
is updated.
- file: Represents a fully-qualified name of the file to create or update.
- function: Represents the function for which the server uses the password.
Valid values include crl or crypto.
- password: Indicates the password to stash.
- Place the following directives in your configuration file: