Krishna Yenduri's Weblog Krishna Yenduri's Weblog

« UltraSPARC T2 (Niaga... | Main | Kernel SSL deep dive... »

Friday May 15, 2009

ksslcfg(1M) and the -T option on S10

ksslcfg(1M) and the -T option on S10 ksslcfg(1m) has a -T option. From the man page -

-T token_label
         When pkcs11 is specified with -f, uses the PKCS#11 token
         specified in token_label. Use cryptoadm list -v to
         display all PKCS#11 tokens available.

and from the Examples section
         # ksslcfg create -f pkcs11 -T "Sun Software PKCS#11 softtoken" \
         -C "Server-Cert" -p /some/directory/password -u webservd \
         -x 8080 www.mysite.com 443

The above example does not work in S10 due to a bug (6507464) that will be fixed. A work around is to disable metaslot before running the command and enable it after. So, do this for the above example

#cryptoadm disable metaslot
#ksslcfg create -f pkcs11 -T "Sun Software PKCS#11 softtoken" ...
#cryptoadm enable metaslot

Technorati Tag:
Technorati Tag:

Posted at 03:57PM May 15, 2009 by yenduri in Solaris | Permalink

Comments:

Post a Comment:
Comments are closed for this entry.

About This Weblog

Author: Bhargava Yenduri

Archives

« November 2009
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     
       
Today

Feeds

Search

Blogroll

Other Blog Links

Today's Page Hits: 36