Red Hat DIRECTORY SERVER 8.0 Manual do Utilizador descarregar pdf (Página 13)

nCipher Modules: Integration Guide for Red Hat Certificate System 8.0 1.0 13

Installing and configuring Red Hat Certificate System 8.0

9 Run the following command in /var/lib/pki-ca/alias/ to add the Thales nCipher module:

[root@hostname alias]# modutil -dbdir . -nocertdb -add nethsm –libfile

/opt/nfast/toolkits/pkcs11/libcknfast.so

Note For 64-bit environments, run the following command:

[root@hostname alias]# modutil -dbdir . -nocertdb -add nethsm -libfile

/opt/nfast/toolkits/pkcs11/libcknfast-64.so

10 To list the added module, run the following command:

[root@hostname alias]# modutil -dbdir . -nocertdb –list

Listing of PKCS #11 Modules

-----------------------------------------------------------

1. NSS Internal PKCS #11 Module

slots: 2 slots attached

status: loaded

slot: NSS Internal Cryptographic Services

token: NSS Generic Crypto Services

slot: NSS User Private Key and Certificate Services

token: NSS Certificate DB

2. nfast

library name: /opt/nfast/toolkits/pkcs11/libcknfast.so

slots: 1 slot attached

status: loaded

slot: DD16-DA9E-D5AD #1 nFast PCI device, bus 1, slot 1. slot 0

token: ocs

-----------------------------------------------------------

Note The output shown above is displayed when OCS protection is used.

11 SE Linux policies are created and configured automatically to enable Certificate System

instances to run with SE Linux in enforcing or permissive modes. In enforcing mode, any

hardware tokens that use the Certificate System instances must also be configured to run with

SE Linux in enforcing mode, otherwise the HSM will not be available during subsystem

installation. Before installing any Certificate System instances, run the following command

to reset the context of files in

/dev/nfast to match the newly-installed policy:

[root@hostname alias]#/sbin/restorecon -R /dev/nfast

1 2 ... 8 9 10 11 12 13 14 15 16 17 18

Sem comentários

Red Hat DIRECTORY SERVER 8.0 Manual do Utilizador Página 13