ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajc_5.4.0.1/rzajcsetup.htm

100 lines
7.4 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Configure the Cryptographic Coprocessor" />
<meta name="abstract" content="Configuring your Cryptographic Coprocessor allows you to begin to use all of its cryptographic operations." />
<meta name="description" content="Configuring your Cryptographic Coprocessor allows you to begin to use all of its cryptographic operations." />
<meta name="DC.Relation" scheme="URI" content="rzajcco4758.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcdevicedescript.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcnamefiles.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcsetclock.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajccontrolvector.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcmasterkey.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcprereqssl.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcprereqcustomapps.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcprereqssl.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajccustomapp4758.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajcsetup" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Configure the Cryptographic Coprocessor</title>
</head>
<body id="rzajcsetup"><a name="rzajcsetup"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Configure the Cryptographic Coprocessor</h1>
<div><p>Configuring your Cryptographic Coprocessor allows you to begin
to use all of its cryptographic operations.</p>
<p>The easiest and fastest way to configure your Cryptographic Coprocessor
is to use the Cryptographic Coprocessor configuration webbased utility found
off of the System Tasks page at http://<var class="varname">server-name</var>:2001
(specify another port if you have changed it from port 2001). The utility
includes the Basic configuration wizard that is used for configuring (and
initializing) a Coprocessor that has not been previously configured. If HTTP
and SSL have not been previously configured, you will need to
do the following before using the Configuration Wizard.</p>
<ul><li>Start the HTTP Administrative server.</li>
<li>Configure the HTTP Administrative server to use SSL.</li>
<li>Use DCM to create a certificate, specifying that the private key be generated
and stored in software.</li>
<li>Use DCM to receive the signed certificate.</li>
<li>Associate the certificate with the HTTP Administrative server application
ID.</li>
<li>Restart the HTTP Administrative server to enable it for SSL processing.</li>
</ul>
<p>If the Cryptographic Coprocessor has already been configured, then click
on the <span class="uicontrol">Manage configuration</span> option to change the configuration
for specific portions of the Coprocessor. </p>
<p>If you would prefer to write your own application to configure the Coprocessor,
you can do so by using the Cryptographic_Facility_Control (CSUACFC), Access_Control_Initialize
(CSUAACI), Master_Key_Process (CSNBMKP), and Key_Store_Initialize (CSNBKSI)
API verbs. Many of the pages in this section include one or more program examples
that show how to configure the Coprocessor via an application. Change these
programs to suit your specific needs.</p>
<p>Whether you choose to use the Cryptographic Coprocessor configuration utility
or write your own applications, the following outlines the steps you must
take to properly configure your Cryptographic Coprocessor:</p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzajcdevicedescript.htm">Create a device description</a></strong><br />
The device description specifies a default location for key storage. You can create a device description with or without naming any key store files.</li>
<li class="ulchildlink"><strong><a href="rzajcnamefiles.htm">Name files to key store file</a></strong><br />
Before you can perform any operation using a key store file or key stored in a key store file, you must name the key store file.</li>
<li class="ulchildlink"><strong><a href="rzajcsetclock.htm">Set the environment ID and clock</a></strong><br />
Your Cryptographic Coprocessor uses the EID to verify which Coprocessor created a key token. It uses the clock for time and date stamping and to control whether a profile can log on.</li>
<li class="ulchildlink"><strong><a href="rzajccontrolvector.htm">Load a function control vector</a></strong><br />
The function control vector tells the Cryptographic Coprocessor what key length to use to create keys. You cannot perform any cryptographic functions without loading a function control vector.</li>
<li class="ulchildlink"><strong><a href="rzajcmasterkey.htm">Load and set a master key</a></strong><br />
After you load a function control vector, load and set the master key. You can use your master key to encrypt other keys.</li>
<li class="ulchildlink"><strong><a href="rzajcprereqssl.htm">Configure the Cryptographic Coprocessor for use with DCM and SSL</a></strong><br />
Read this information to make the Cryptographic Coprocessor ready for use with SSL.</li>
<li class="ulchildlink"><strong><a href="rzajcprereqcustomapps.htm">Configure the Cryptographic Coprocessor for use with i5/OS applications</a></strong><br />
This topic lists the steps needed to make Cryptographic Coprocessors
ready for use with an i5/OS™ application.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajcco4758.htm" title="IBM offers two Cryptographic Coprocessors, which are available on a variety of server models.">4764 and 4758 Cryptographic Coprocessors</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzajcprereqssl.htm" title="Read this information to make the Cryptographic Coprocessor ready for use with SSL.">Configure the Cryptographic Coprocessor for use with DCM and SSL</a></div>
<div><a href="rzajccustomapp4758.htm" title="This scenario could help an i5/OS programmer reason through the process of writing a program that calls the Cryptographic Coprocessor to verify user data such as financial personal identification numbers (PINs), which are entered at automatic teller machines (ATMs).">Scenario: Write an i5/OS application to use the Cryptographic Coprocessor</a></div>
</div>
</div>
</body>
</html>