Enabling the support of cryptographic hardware

This applies to reverse proxy configurations only.

Follow this procedure to enable the SSL handshake routine to be offloaded to a cryptographic hardware card:

  1. Install the cryptographic hardware card according to the manufacturer's instructions.
  2. Enable SSL for Caching Proxy. For more information, refer to Secure Sockets Layer (SSL).
  3. Manually edit the SSLCryptoCard directive in the ibmproxy.conf configuration file. No entry for this directive appears in the Configuration and Administration forms. For more information, refer to the SSLCryptoCard directive reference, SSLCryptoCard -- Specify the installed cryptographic card.

    On AIX, in order to support the IBM 4960 PCI Cryptographic Accelerator Card, see PKCS11DefaultCert, PKCS11DriverPath, PKCS11TokenPassword -- Supports IBM 4960 PCI Cryptographic Accelerator Card (AIX only).