The IBM HTTP Server enables nCipher and Rainbow accelerator
devices by default. To disable your accelerator device, add the SSLAcceleratorDisable directive to your configuration file.
Before you begin
When using the IBM e-business Cryptographic Accelerator,
or the IBM 4758, the user ID under which the Web server runs must
be a member of the PKCS11 group. You can create the PKCS11 group by
installing the bos.pkcs11 package or its updates. Change
the Group directive in the configuration file to group
pkcs11.
About this task
If you want the IBM HTTP Server to use the PKCS11 interface,
configure the following:
Procedure
- Stash your password to the PKCS11 device, or optionally
enable password prompting.
![[Updated in August 2011]](../../delta.gif)
The stash file
that the sslstash command creates is completely independent of the
stash file that often accompanies a CMS KeyFile (*.kdb). Therefore,
make sure that you:
- Do not overwrite an existing *.sth file when you issue the sslstash
command.
- Never choose a filename for the output of the sslstash command
that corresponds to the filename of a CMS KeyFile (*.kdb).
![[Updated in August 2011]](../../deltaend.gif)
aug2011
Syntax: sslstash [-c] <file>
<function> <password> where:
- -c: Creates a new stash file. If not specified, an existing stash
file is updated.
- file: Represents a fully-qualified name of the file to create
or update.
- function: Represents the function for which the server uses the
password. Valid values include crl or crypto.
- password: Indicates the password to stash.
- Place the following directives in your configuration file.