ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajc_5.4.0.1/rzajcconfig2058.htm

79 lines
6.3 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Configure the 2058 Cryptographic Accelerator" />
<meta name="abstract" content="You must create a device description so that i5/OS SSL can direct RSA cryptographic operations to the 2058 Cryptographic Accelerator. You can create a device description by using the Create Device Description (Crypto) (CRTDEVCRP)." />
<meta name="description" content="You must create a device description so that i5/OS SSL can direct RSA cryptographic operations to the 2058 Cryptographic Accelerator. You can create a device description by using the Create Device Description (Crypto) (CRTDEVCRP)." />
<meta name="DC.Relation" scheme="URI" content="rzajcaccel2058.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcfeats2058.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcssl2058.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcplan2058.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcssl2058.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="config2058" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Configure the 2058 Cryptographic Accelerator</title>
</head>
<body id="config2058"><a name="config2058"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Configure the 2058 Cryptographic Accelerator</h1>
<div><p>You must create a device description so that i5/OS™ SSL can
direct RSA cryptographic operations to the 2058 Cryptographic Accelerator.
You can create a device description by using the Create Device Description
(Crypto) (CRTDEVCRP). </p>
<div class="section"> <p></p>
<p>To create
a device description using the CL command, follow these steps:</p>
</div>
<ol><li><span>Type <kbd class="userinput">CRTDEVCRP</kbd> at the command line.</span></li>
<li><span>Specify a name for the device as prompted.</span></li>
<li><span>Accept the default name of the PKA key store: <kbd class="userinput">*NONE</kbd>.</span></li>
<li><span>Accept the name default of the DES key store: <kbd class="userinput">*NONE</kbd>.</span></li>
<li><span>Specify an APPTYPE of <kbd class="userinput">*NONE</kbd>.</span></li>
<li><strong>Optional: </strong><span>Specify a description as prompted.</span></li>
<li><span>Use either the<span class="cmdname"> Vary Configuration (VRYCFG)</span> or
the <span class="cmdname">Work with Configuration Status (WRKCFGSTS)</span> CL commands
to vary on the device once you have created the device description.</span></li>
</ol>
<div class="section"> <div class="p">For digital certificates that are generated by software, and stored
in software, i5/OS SSL
automatically starts using the 2058 Cryptographic Accelerator once the device
is varied-on. The private key processing associated with SSL and TLS session
establishment is off-loaded to the 2058 Cryptographic Accelerator. When the
device is varied-off, i5/OS SSL switches back to software based encryption
for establishing SSL and TLS sessions, thereby placing the private key processing
load back on the server. <div class="note"><span class="notetitle">Note:</span> This is only true for certificates and private
keys that were not created by the Cryptographic Coprocessor. If a certificate
was generated using the Cryptographic Coprocessor, the Cryptographic Coprocessor
has to be used for those SSL or TLS sessions which use that particular certificate.</div>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajcaccel2058.htm" title="The 2058 Cryptographic Accelerator is available for customers to use with a V5R2 (or later) system.">2058 Cryptographic Accelerator</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzajcfeats2058.htm" title="Read this information to learn about the features of the 2058 Cryptographic Accelerator.">Features</a></div>
<div><a href="rzajcssl2058.htm" title="In this scenario, a company orders and installs 2058 Cryptographic Accelerator is a PCI (Peripheral Component Interconnect) card. This card is specially designed to accelerate the very compute intensive processing required when establishing a SSL/TLS session. The scenario specifies the steps this company makes to get the card configured to enhance the SSL performance of its system.">Scenario: Enhance system SSL performance</a></div>
<div><a href="rzajcplan2058.htm" title="Depending on the model of server you have, you can install up to a maximum of eight IBM Cryptographic Accelerators. You must ensure that your server meets the hardware an software requirements to use the Cryptographic Accelerator.">Plan for the 2058 Cryptographic Accelerator</a></div>
<div><a href="rzajcssl2058.htm" title="In this scenario, a company orders and installs 2058 Cryptographic Accelerator is a PCI (Peripheral Component Interconnect) card. This card is specially designed to accelerate the very compute intensive processing required when establishing a SSL/TLS session. The scenario specifies the steps this company makes to get the card configured to enhance the SSL performance of its system.">Scenario: Enhance system SSL performance</a></div>
</div>
</div>
</body>
</html>