100 lines
7.4 KiB
HTML
100 lines
7.4 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
|||
|
<!DOCTYPE html
|
|||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|||
|
<html lang="en-us" xml:lang="en-us">
|
|||
|
<head>
|
|||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|||
|
<meta name="security" content="public" />
|
|||
|
<meta name="Robots" content="index,follow" />
|
|||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|||
|
<meta name="DC.Type" content="concept" />
|
|||
|
<meta name="DC.Title" content="Configure the Cryptographic Coprocessor" />
|
|||
|
<meta name="abstract" content="Configuring your Cryptographic Coprocessor allows you to begin to use all of its cryptographic operations." />
|
|||
|
<meta name="description" content="Configuring your Cryptographic Coprocessor allows you to begin to use all of its cryptographic operations." />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzajcco4758.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzajcdevicedescript.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzajcnamefiles.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzajcsetclock.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzajccontrolvector.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzajcmasterkey.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzajcprereqssl.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzajcprereqcustomapps.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzajcprereqssl.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzajccustomapp4758.htm" />
|
|||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
|||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
|||
|
<meta name="DC.Format" content="XHTML" />
|
|||
|
<meta name="DC.Identifier" content="rzajcsetup" />
|
|||
|
<meta name="DC.Language" content="en-us" />
|
|||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|||
|
<!-- US Government Users Restricted Rights -->
|
|||
|
<!-- Use, duplication or disclosure restricted by -->
|
|||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|||
|
<title>Configure the Cryptographic Coprocessor</title>
|
|||
|
</head>
|
|||
|
<body id="rzajcsetup"><a name="rzajcsetup"><!-- --></a>
|
|||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|||
|
<h1 class="topictitle1">Configure the Cryptographic Coprocessor</h1>
|
|||
|
<div><p>Configuring your Cryptographic Coprocessor allows you to begin
|
|||
|
to use all of its cryptographic operations.</p>
|
|||
|
<p>The easiest and fastest way to configure your Cryptographic Coprocessor
|
|||
|
is to use the Cryptographic Coprocessor configuration web–based utility found
|
|||
|
off of the System Tasks page at http://<var class="varname">server-name</var>:2001
|
|||
|
(specify another port if you have changed it from port 2001). The utility
|
|||
|
includes the Basic configuration wizard that is used for configuring (and
|
|||
|
initializing) a Coprocessor that has not been previously configured. If HTTP
|
|||
|
and SSL have not been previously configured, you will need to
|
|||
|
do the following before using the Configuration Wizard.</p>
|
|||
|
<ul><li>Start the HTTP Administrative server.</li>
|
|||
|
<li>Configure the HTTP Administrative server to use SSL.</li>
|
|||
|
<li>Use DCM to create a certificate, specifying that the private key be generated
|
|||
|
and stored in software.</li>
|
|||
|
<li>Use DCM to receive the signed certificate.</li>
|
|||
|
<li>Associate the certificate with the HTTP Administrative server application
|
|||
|
ID.</li>
|
|||
|
<li>Restart the HTTP Administrative server to enable it for SSL processing.</li>
|
|||
|
</ul>
|
|||
|
<p>If the Cryptographic Coprocessor has already been configured, then click
|
|||
|
on the <span class="uicontrol">Manage configuration</span> option to change the configuration
|
|||
|
for specific portions of the Coprocessor. </p>
|
|||
|
<p>If you would prefer to write your own application to configure the Coprocessor,
|
|||
|
you can do so by using the Cryptographic_Facility_Control (CSUACFC), Access_Control_Initialize
|
|||
|
(CSUAACI), Master_Key_Process (CSNBMKP), and Key_Store_Initialize (CSNBKSI)
|
|||
|
API verbs. Many of the pages in this section include one or more program examples
|
|||
|
that show how to configure the Coprocessor via an application. Change these
|
|||
|
programs to suit your specific needs.</p>
|
|||
|
<p>Whether you choose to use the Cryptographic Coprocessor configuration utility
|
|||
|
or write your own applications, the following outlines the steps you must
|
|||
|
take to properly configure your Cryptographic Coprocessor:</p>
|
|||
|
</div>
|
|||
|
<div>
|
|||
|
<ul class="ullinks">
|
|||
|
<li class="ulchildlink"><strong><a href="rzajcdevicedescript.htm">Create a device description</a></strong><br />
|
|||
|
The device description specifies a default location for key storage. You can create a device description with or without naming any key store files.</li>
|
|||
|
<li class="ulchildlink"><strong><a href="rzajcnamefiles.htm">Name files to key store file</a></strong><br />
|
|||
|
Before you can perform any operation using a key store file or key stored in a key store file, you must name the key store file.</li>
|
|||
|
<li class="ulchildlink"><strong><a href="rzajcsetclock.htm">Set the environment ID and clock</a></strong><br />
|
|||
|
Your Cryptographic Coprocessor uses the EID to verify which Coprocessor created a key token. It uses the clock for time and date stamping and to control whether a profile can log on.</li>
|
|||
|
<li class="ulchildlink"><strong><a href="rzajccontrolvector.htm">Load a function control vector</a></strong><br />
|
|||
|
The function control vector tells the Cryptographic Coprocessor what key length to use to create keys. You cannot perform any cryptographic functions without loading a function control vector.</li>
|
|||
|
<li class="ulchildlink"><strong><a href="rzajcmasterkey.htm">Load and set a master key</a></strong><br />
|
|||
|
After you load a function control vector, load and set the master key. You can use your master key to encrypt other keys.</li>
|
|||
|
<li class="ulchildlink"><strong><a href="rzajcprereqssl.htm">Configure the Cryptographic Coprocessor for use with DCM and SSL</a></strong><br />
|
|||
|
Read this information to make the Cryptographic Coprocessor ready for use with SSL.</li>
|
|||
|
<li class="ulchildlink"><strong><a href="rzajcprereqcustomapps.htm">Configure the Cryptographic Coprocessor for use with i5/OS applications</a></strong><br />
|
|||
|
This topic lists the steps needed to make Cryptographic Coprocessors
|
|||
|
ready for use with an i5/OS™ application.</li>
|
|||
|
</ul>
|
|||
|
|
|||
|
<div class="familylinks">
|
|||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajcco4758.htm" title="IBM offers two Cryptographic Coprocessors, which are available on a variety of server models.">4764 and 4758 Cryptographic Coprocessors</a></div>
|
|||
|
</div>
|
|||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
|||
|
<div><a href="rzajcprereqssl.htm" title="Read this information to make the Cryptographic Coprocessor ready for use with SSL.">Configure the Cryptographic Coprocessor for use with DCM and SSL</a></div>
|
|||
|
<div><a href="rzajccustomapp4758.htm" title="This scenario could help an i5/OS programmer reason through the process of writing a program that calls the Cryptographic Coprocessor to verify user data such as financial personal identification numbers (PINs), which are entered at automatic teller machines (ATMs).">Scenario: Write an i5/OS application to use the Cryptographic Coprocessor</a></div>
|
|||
|
</div>
|
|||
|
</div>
|
|||
|
</body>
|
|||
|
</html>
|