HP-UX Directory Server 8.1 administration server guide
• “Enabling a slot”
• “Enabling FIPS compliance”
• “Adding a cryptographic module”
• “Changing the password on a token”
Creating database files To create a set of security management database files in a directory:
modutil -create -dbdir /etc/opt/dirsrv/admin-serv
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type
'q <enter>' to abort, or <enter> to continue:
Creating "/etc/opt/dirsrv/admin-serv/key3.db"...done.
Creating "/etc/opt/dirsrv/admin-serv/cert8.db"...done.
Creating "/etc/opt/dirsrv/admin-serv/secmod.db"...done.
Displaying module information To retrieve detailed information about a specific module:
modutil -list -dbdir /etc/opt/dirsrv/admin-serv
Using database directory /etc/opt/dirsrv/admin-serv...
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
-----------------------------------------------------------
Setting a default provider To make a specific module the default provider for the RSA, DSA,
and RC2 security mechanisms:
modutil -default "Cryptographic Module" -dbdir /etc/opt/dirsrv/admin-serv \
-mechanisms RSA:DSA:RC2
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 'q <enter>'
to abort, or <enter> to continue:
Using database directory /etc/opt/dirsrv/admin-serv...
Successfully changed defaults.
Enabling a slot To enable a particular slot in a module:
modutil -enable "Cryptographic Module" -slot "Cryptographic Reader" \
-dbdir /etc/opt/dirsrv/admin-serv
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type
'q <enter>' to abort, or <enter> to continue:
Using database directory /etc/opt/dirsrv/admin-serv...
Slot "Cryptographic Reader" enabled.
Enabling FIPS compliance To enable FIPS-140-1 compliance in the Admin Server's internal
module:
4.2 modutil 49