000018609 - Add nCipher smartcard support / hardware token to an existing Keon Certificate Authority

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018609
Applies TonCipher hardware module
Keon Certificate Authority 4.7
Sentry CA 4.7
Microsoft Windows
Sun Solaris
IssueAdd nCipher smartcard support / hardware token to an existing Keon Certificate Authority
ResolutionTo add nCipher smartcard support to an existing installation:

1. Install the nCipher hardware, server software, and PKCS #11 library as described in the following sections

2. Initialize a smartcard and insert it into reader. (See the nCipher hardware manual for more information if needed)

3. Stop the KCA / Sentry CA Administration Server and Secure Directory Server

4. Add a directive to the top of <installed-dir>/Xudad/conf/xudad.conf to specify the location of the nCipher PKCS #11 dynamic link library

For Windows NT, the default installed location is C:\nfast\bin\cknfast.dll - for example:

    crypto_providers "pkcs11v2,C:\nfast\bin\cknfast.dll"

For UNIX, the default installed location is /opt/nfast/gcc/lib/libcknfast.so  - for example:

    crypto_providers "pkcs11v2,/opt/nfast/gcc/lib/libcknfast.so"

5. Add a directive to the top of <installed-dir>/WebServer/conf/sentry.conf to specify the location of the nCipher PKCS #11 dynamic link library.

For Windows NT, the default installed location is C:\nfast\bin\cknfast.dll - for example:

    crypto_providers = pkcs11v2,C:\nfast\bin\cknfast.dll

For UNIX, the default installed location is /opt/nfast/gcc/lib/libcknfast.so - for example:

    crypto_providers = pkcs11v2,/opt/nfast/gcc/lib/libcknfast.so

6. Start the KCA / Sentry CA Administration Server and Secure Directory Server
Legacy Article IDa2310

Attachments

    Outcomes