On all machines with an nCipher card you must define a system environment variable, for example, CKNFAST_LOADSHARING=1. This allows the use of softcards to protect keys. After you have added the new variable you must reboot. For more information, refer to the nCipher documentation.

To configure SunPKCS11 insert the following line into the java.security file:

security.provider.3=sun.security.pkcs11.SunPKCS11 /nfast/sunpkcs11.cfg 

Move all other providers up the numeric ordering list.

#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.pkcs11.SunPKCS11 /nfast/sunpkcs11.cfg
security.provider.4=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider

Make sure the number you choose for SunPKCS11 is lower than bouncy castle and SunJCE.

Note: The PKCS11 driver is used to interact with the nCipher hardware. However, there is a Java limitation that effects the interaction. This limitation allows only a single PKCS11 driver to be defined. As a result, only a single instance of the PKCS11-based provider is supported in any given configuration.