Sun Microsystems 4000 manual Configuring Sun ONE Web Servers, Passwords


Configuring Sun ONE Web Servers

This section describes the following:

“Passwords” on page 89

“Populating a Keystore” on page 90

“Overview for Enabling Sun ONE Web Servers” on page 91

“Installing and Configuring Sun ONE Web Server 4.1” on page 92

“Configuring Sun ONE Web Server 4.1 for SSL” on page 99

“Installing and Configuring Sun ONE Web Server 6.0” on page 101

“Configuring Sun ONE Web Server 6.0 for SSL” on page 108

Passwords

You are asked for several passwords in the course of enabling a Sun ONE Web Server. TABLE 5-1 provides a description of each. These passwords are referred to throughout this chapter. If there is any confusion about which password to use, refer to TABLE 5-1.

TABLE 5-1 Passwords Required for Sun ONE Web Servers

| Type of Password | Description |
| --- | --- |
| Sun ONE Web Server Administration Server | Required to start up the Sun ONE Web Server Administration Server. This password was assigned during the Sun ONE Web Server setup. |
| Web Server Trust Database | Required to start the internal cryptographic module when running in secure mode. This password was assigned when creating a trust database through the Sun ONE Web Server Administration Server. This password is also required when requesting and installing certificates into the internal cryptographic module. |
| Security Officer | Required when performing vcaadm privileged operations. |
| username:password | Required to start the Sun Crypto Accelerator 4000 module when running in secure mode. This password is also required when requesting and installing certificates into the internal cryptographic module (keystore_name). This password consists of the username and password of a keystore user that was created in vcaadm. The keystore username and password are separated by a colon (:). |

Chapter 5 Configuring Sun ONE Server Software for Use With the Sun Crypto Accelerator 4000 Board 89


4000 specifications

Sun Microsystems, a pivotal player in the computing industry during the late 20th and early 21st centuries, was renowned for its innovative hardware and software solutions. Among its notable offerings were the Sun-6000, Sun-5000, and Sun-4000 series, powerful workstations and servers designed for a range of enterprise-level applications.

The Sun-6000 series, introduced in the early 1990s, marked a significant advancement in computing performance. These systems were built on the SPARC architecture, which facilitated high levels of processing power and multitasking capabilities. One of the main features of the 6000 series was its scalability, allowing organizations to increase their processing power by adding more modules. It also offered robust graphics performance, making it ideal for scientific visualization and complex data analysis.

Next in line was the Sun-5000 series. Launched shortly after the 6000 series, the 5000 line was celebrated for its reliability and ease of management. This series emphasized a balanced architecture, which combined processing capabilities with ample memory and storage options. Key characteristics included support for multiple processors, leading to improved performance for demanding applications. Additionally, the 5000 systems featured advanced input/output capabilities, ensuring fast data transfers—crucial for database applications and web servers.

Finally, the Sun-4000 series targeted businesses seeking affordable yet potent computing solutions. These servers boasted a modular design, allowing for easy upgrades and maintenance. The 4000 series was particularly notable for its support for various operating systems, including SunOS and Solaris. These systems were engineered to handle a range of workloads, from enterprise resource planning to web hosting, while still fitting into a value-driven budget.

Across all three series, Sun Microsystems prioritized compatibility and integration, ensuring that each system offered seamless connectivity with Sun's software solutions and third-party applications. Their commitment to open standards and interoperability set them apart in the competitive landscape of enterprise computing. Additionally, the use of high-quality components lent the systems durability, making them a wise investment for organizations looking to future-proof their IT infrastructure.

In summary, the Sun-6000, 5000, and 4000 series exemplified Sun Microsystems' ethos of innovation and reliability. These powerful systems catered to diverse business needs, setting benchmarks in performance and functionality that continue to influence modern computing.