My Oracle Support Banner

How to Configure the GlassFish Enterprise Server to Use a Sun Crypto Accelerator 6000 Card / SCA6000 (Doc ID 1276142.1)

Last updated on JUNE 04, 2021

Applies to:

Oracle GlassFish Server - Version 2.0 to 2.1.1 [Release 2.0 to 2.1]
Information in this document applies to any platform.

Goal

To demonstrate how to use a Sun Crypto Accelerator (SCA) 6000 card with the GlassFish Server.  The Sun Crypto Accelerator 6000 Board is an 8 lane PCI Express based host bus adapter (HBA) that combines IPsec and SSL cryptographic acceleration with Hardware Security Module (HSM) features. 

Once installed, the board is initialized and configured with the  scamgr utility, which manages the keystore and user information and determines the level of security in which the board operates.  Once a keystore and security officer account are configured, Java and PKCS#11 applications such as the GlassFish Server can be configured to use the board for cryptographic acceleration.

NOTE:
The installation and general administration of the SCA 6000 are outside the scope of this document, which only provides details on the basic steps needed to configure the card to be used with the application server, assuming that the card is newly installed and uninitialised in the system.

The information in this article is only applicable to GlassFish Server instances using enterprise profile, that is domains that use the NSS cryptographic library for their certificate infrastructure.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
 1. Installation Checks
 2. Configuring SCA 6000
 2.1 Logging into the SCA 6000 Card
 2.2 Creating a Keystore in SCA 6000
 2.3 Creating the Keystore User inside SCA 6000
 3. Configuring the GlassFish Server
 3.1 Configuring the GlassFish Domain to Access the Crypto Hardware
 3.1.1 Slot Passwords
 3.2 Using Privately Managed Certificate Authority and Certificates
 3.2.1 Generate the CA Certificate
 3.2.2 Generate the Server Certificate
 3.2.3 Listing the Certificates
 3.3 Using a Public Certificate Authority
 3.3.1 Creating the Certificate Request
 3.3.2 Installing the Signed Server Certificate
 3.4 Configuring the GlassFish Server to Use the Server SSL Certificate
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.