On all machines with an nCipher card you must define a system environment variable, for example, CKNFAST_LOADSHARING=1. This allows the use of softcards to protect keys. After you have added the new variable you must reboot. For more information, refer to the nCipher documentation.
To configure SunPKCS11 insert the following line into the java.security file:
security.provider.3=sun.security.pkcs11.SunPKCS11 /nfast/sunpkcs11.cfg
Move all other providers up the numeric ordering list.
# # List of providers and their preference orders (see above): # security.provider.1=sun.security.provider.Sun security.provider.2=sun.security.rsa.SunRsaSign security.provider.3=sun.security.pkcs11.SunPKCS11 /nfast/sunpkcs11.cfg security.provider.4=org.bouncycastle.jce.provider.BouncyCastleProvider security.provider.5=com.sun.net.ssl.internal.ssl.Provider security.provider.6=com.sun.crypto.provider.SunJCE security.provider.7=sun.security.jgss.SunProvider security.provider.8=com.sun.security.sasl.Provider
Make sure the number you choose for SunPKCS11 is lower than bouncy castle and SunJCE.
Note: The PKCS11 driver is used to interact with the nCipher hardware. However, there is a Java limitation that effects the interaction. This limitation allows only a single PKCS11 driver to be defined. As a result, only a single instance of the PKCS11-based provider is supported in any given configuration.
iWay Software |