Manuals
/
Brands
/
Computer Equipment
/
Network Router
/
Sun Microsystems
/
Computer Equipment
/
Network Router
Sun Microsystems
4000
- page 192
1
192
204
204
Download
204 pages, 1.65 Mb
166
Sun Crypto Accelerator 4000 Board Installation and User’s Guide
•
May 2003
Contents
Main
Please Recycle
Declaration of Conformity (Fiber MMF)
EMC
European Union
Safety
Supplementary Information
Declaration of Conformity (Copper UTP)
EMC
European Union
EN 60950:2000, 3rd Edition IEC 60950:2000, 3rd Edition
Safety
Supplementary Information
EN 60950:2000, 3rd Edition IEC 60950:2000, 3rd Edition
Page
Regulatory Compliance Statements
FCCClass A Notice
Note:
ShieldedCables:
Modifications:
Page
Page
Page
Contents
Page
Page
Page
Page
Page
Page
Page
Tables
Page
Page
Page
Preface
How This Book Is Organized
Using UNIX Commands
Typographic Conventions
Shell Prompts
AaBbCc123
Page
Product Overview
Product Features
Key Protocols and Interfaces
Key Features
Supported Applications
Supported Cryptographic Protocols
Diagnostic Support
Cryptographic Algorithm Acceleration
Supported Cryptographic Algorithms
SSL Acceleration
Bulk Encryption
Hardware Overview
IPsec Hardware Acceleration
Note
Sun Crypto Accelerator 4000 MMF Adapter
LED Displays
See TABLE1-4.
Sun Crypto Accelerator 4000 UTP Adapter
LED Displays
See TABLE1-5.
Server 4.1 or 6.0 is mentioned.
Note
Dynamic Reconfiguration and High Availability
Load Sharing
Hardware and Software Requirements
Required Patches
Apache Web Server Patch
Page
Page
Installing the Sun Crypto Accelerator 4000 Board
Handling the Board
Caution
Installing the Board
To Install the Hardware
Page
Installing the Sun Crypto Accelerator 4000 Software
To Install the Software
Note
Installing the Optional Packages
Directories and Files
Note
/
/
Removing the Software
Caution
To Remove the Software
Caution
Page
Configuring Driver Parameters
Sun Crypto Accelerator 4000 Ethernet Device Driver (vca) Parameters
Caution
Driver Parameter Values and Definitions
Advertised Link Parameters
Note
Page
Flow Control Parameters
Gigabit Forced Mode Parameter
Interpacket Gap Parameters
Page
Interrupt Parameters
Random Early Drop Parameters
Page
PCI Bus Interface Parameters
Setting vca Driver Parameters
Setting Parameters Using the ndd Utility
To Specify Device Instances for the ndd Utility
Note
Noninteractive and Interactive Modes
Using the ndd Utility in Noninteractive Mode
Using the ndd Utility in Interactive Mode
(See TABLE3-1 through TABLE 3-9 for parameter descriptions.)
Setting Autonegotiation or Forced Mode
The following link parameters can be set to operate in either autonegotiation or forced mode:
To Disable Autonegotiation Mode
Note
Setting Parameters Using the vca.conf File
Caution
To Set Driver Parameters Using a vca.conf File
Setting Parameters for All Sun Crypto Accelerator 4000 vca Devices With the vca.conf File
To Set Parameters for All Sun Crypto Accelerator 4000 vca
Devices With the vca.conf File
Example vca.conf File
Enabling Autonegotiation or Forced Mode for Link Parameters With the OpenBoot PROM
Caution
Note
Sun Crypto Accelerator 4000 Cryptographic and Ethernet Driver Operating Statistics
Cryptographic Driver Statistics
Ethernet Driver Statistics
Page
Page
Page
Reporting the Link Partner Capabilities
Page
Page
To Check Link Partner Settings
Note
number should reflect the instance number of the board for which you arerunning the kstat command.
Network Configuration
Configuring the Network Host Files
Note
Page
Page
Administering the Sun Crypto Accelerator 4000 Board With the vcaadm and vcadiag Utilities
Using vcaadm
Note
Modes of Operation
Note
Single-Command Mode
Note
File Mode
Interactive Mode
Logging In and Out With vcaadm
Logging In to a Board With vcaadm
Logging In to a New Board
Note
Logging In to a Board With a Changed Remote Access Key
vcaadm Prompt
Logging Out of a Board With vcaadm
Example:
Entering Commands With vcaadm
Getting Help for Commands
Quitting the vcaadm Program in Interactive Mode
Initializing the Sun Crypto Accelerator 4000 Board With vcaadm
To Initialize the Sun Crypto Accelerator 4000
Board With a New Keystore
Note
Initializing the Sun Crypto Accelerator 4000 Board to Use an Existing Keystore
To Initialize the Sun Crypto Accelerator 4000
Board to Use an Existing Keystore
Managing Keystores With vcaadm
Note
Naming Requirements
Password Requirements
Setting the Password Requirements
Populating a Keystore With Security Officers
Populating a Keystore With Users
Caution
Note
Listing Users and Security Officers
Changing Passwords
Enabling or Disabling Users
Note
Deleting Users
Deleting Security Officers
Backing Up the Master Key
Caution
Locking the Keystore to Prevent Backups
Caution
Managing Boards With vcaadm
Setting the Auto-Logout Time
Displaying Board Status
Determining if the Board is Operating in FIPS 140-2 Mode
Loading New Firmware
Resetting a Sun Crypto Accelerator 4000 Board
Rekeying a Sun Crypto Accelerator 4000 Board
Zeroizing a Sun Crypto Accelerator 4000 Board
Note
Using the vcaadm diagnostics Command
Using vcadiag
Note
Page
The following is an example of the -K option:
The following is an example of the -Q option:
The following is an example of the -Z option:
The following is an example of the -R option:
Page
Configuring Sun ONE Server Software for Use With the Sun Crypto Accelerator 4000 Board
Note
Administering Security for Sun ONE Web Servers
Note
Concepts and Terminology
Note
Tokens and Token Files
Example
Token Files
Note
Enabling and Disabling Bulk Encryption
Configuring Sun ONE WebServers
Passwords
Populating a Keystore
Note
To Populate a Keystore
Caution
Overview for Enabling Sun ONE Web Servers
Caution
Installing and Configuring Sun ONE Web Server 4.1
Installing Sun ONE Web Server 4.1
To Install Sun ONE WebServer 4.1
To Create a Trust Database
Note
To Generate a Server Certificate
Page
Note
To Install the Server Certificate
Configuring Sun ONE Web Server 4.1 for SSL
To Configure the Sun ONE Web Server 4.1
Page
Note
Installing and Configuring Sun ONE Web Server 6.0
Installing Sun ONE Web Server 6.0
To Install Sun ONE WebServer 6.0
To Create a Trust Database
Note
Page
To Generate a Server Certificate
Page
Note
To Install the Server Certificate
Configuring Sun ONE Web Server 6.0 for SSL
To Configure the Sun ONE Web Server 6.0
Page
Page
Configuring Apache Web Servers for Use With the Sun Crypto Accelerator 4000 Board
Caution
Note
Enabling the Board for Apache Web Servers
Enabling Apache Web Servers
To Enable the Apache WebServer
Page
Caution
Creating a Certificate
To Create a Certificate
Note
Page
Page
Diagnostics and Troubleshooting
SunVTS Diagnostic Software
Installing SunVTS netlbtest and nettest Support for the vca Driver
Note
Using SunVTS Software to Perform vcatest, nettest, and netlbtest
Note
To Perform vcatest
Note
Test Parameter Options for vcatest
vcatest Command-Line Syntax
To Perform netlbtest
Note
To Perform nettest
Page
Note
Using kstat to Determine Cryptographic Activity
Note
Using the OpenBoot PROM FCode Self- Test
Performing the Ethernet FCode Self-Test
Diagnostic
Page
Note
Troubleshooting the Sun Crypto Accelerator 4000 Board
show-devs
.properties
watch-net
Specifications
Sun Crypto Accelerator 4000 MMF Adapter
Connectors
136 Sun Crypto Accelerator 4000 Board Installation and Users Guide May 2003
TABLEA-1 lists the characteristics of the SC connector (850 nm).
Operating range Up to 260 meters Up to 550 meters
Physical Dimensions
Performance Specifications
Power Requirements
Interface Specifications
Environmental Specifications
Sun Crypto Accelerator 4000 UTP Adapter
Connectors
Appendix A Specifications 139
TABLEA-7 lists the characteristics of the Cat-5 connector used by the Sun Crypto
Accelerator 4000 UTP adapter.
Operating range Up to 100 meters
Physical Dimensions
Performance Specifications
Power Requirements
Interface Specifications
Environmental Specifications
Page
SSL Configuration Directives for Apache Web Servers
Note
Page
Page
Page
Page
Page
Page
Building Applications for Use With the Sun Crypto Accelerator 4000 Board
Note
Page
Software Licenses
Note
Sun Microsystems, Inc. Binary Code License Agreement
Page
Sun Microsystems, Inc. Supplemental Termsfor Sun Crypto Accelerator 4000
Third Party License Terms
OPENSSL LICENSE ISSUES
OpenSSL License
Original SSLeay License
MOD_SSL LICENSE
Page
Page
Manual Pages
man -M /opt/SUNWconn/man
page
Page
Zeroizing the Hardware
Caution
Note
Zeroizing the Sun Crypto Accelerator 4000 Hardware to the Factory State
Note
Board With the Hardware Jumper
Note
Caution
Page
Frequently Asked Questions
How Do I Configure the WebServer to Startup Without User Interaction on Reboot?
To Create an Encrypted Key for Automatic Startup of
Apache Web Servers on Reboot
To Create an Encrypted Key for Automatic Startup of Sun
ONE Web Servers on Reboot
How Do I Assign Different MAC Addresses to Multiple Boards Installed in the Same Server?
Page
How Do I Self-Sign a Certificate for Testing?
Index
SYMBOLS
NUMERICS
A
B
C
D
E
F
G
H
I
K
L
M
N
O
P
Q
R
S
T
U
V