Carl Bergudden wrote:
> As I'm not at all experienced with either Netscape (aka Iplanet) web
> server or proxy server this may well have been discussed here already, and
> I just didn't understand it while browsing the earlier posts (not all of
> them though).
> (I was 'redirected' to this news group from
> [EMAIL PROTECTED], so I'm sorry if this is totally out of
> 'topic' here..)
Proxy issues are generally discussed in the newsgroup
snews://secnews.netscape.com/netscape.server.proxy
The newsgroup you're reading now, netscape.public.mozilla.crypto, discusses
iPlanet's open-source crypto libraries (NSS 3.x) and the products that use
them, such as the mozilla browser and iPlanet's 4.x servers.
> My question is:
> Is there someone here who know a way to get Iplanet proxy server 3.6 to
> use the CryptoSwiftII PCI encryption card from Rainbow Tech.
> On a SPARC/Solaris 8, I should possibly add.
Your primary source of support for installation and use of that card
with Netscape/iPlanet servers should be Rainbow, I believe.
> With Iplanet Web Server 4.1 there is straight forward installation
> instructions, and a script that uses 'modutil' to get it to recognize
> what shared library's to use I guess (?).
Yes, the 4.x servers use PKCS#11, an open standard interface for crypto
devices, and iPlanet provides utilities (such as modutil) to help with
installing modules that conform to that interface. However, even with
iPlanet 4.x servers, installation instructions for crypto hardware and the
drivers for that hardware, and how to configure the servers to use that
hardware should come from the hardware vendor, I believe.
> I think that 'Netscape proxy server 3.5x' is or have been supported,
> though I have never tried it, and I won't be able to either. My aim is
> to run Iplanet Proxy Server 3.6, no less, with the CryptoSwiftII card.
Netscape's 3.x servers use a different (and much older) crypto library
than the 4.x servers use. The older "libsec" crypto library has a
proprietary interface for RSA accelerators. Some (not all) of the 3.x
servers provide a way for crypto accelerator vendors to connect their
drivers to that proprietary interface. The 3.x web server does this
through the "NSAPI" plugin interface, for example.
To be honest, I don't know whether Proxy server provides a way for
accelerators to plugin to its interface, or not. But if the older 3.5x
versions of Proxy server did allow it, then I'd expect that Proxy server
version 3.6 would also allow it.
Netscape/iPlanet do not supply utilities (AFAIK) to facilitate installation
of crypto hardware in the 3.x servers. I believe the hardware vendor has
full support responsibility for that.
So, I suggest that you ask the vendor of your crypto card for instructions
on how to get their accelerator to work with Netscape proxy server 3.x or
iPlanet proxy server 3.6.
> Please contact me directly if you think you have the information I need.
>
> Best regards,
> Carl
> [EMAIL PROTECTED]
Please continue to post all follow up messages to the appropriate newsgroup,
and not in email to me personally. Thanks.
--
Nelson Bolyard Sun / Netscape Alliance
Disclaimer: I speak for myself, not for Netscape
