Configuring the 2058 Cryptographic Accelerator

 

You must create a device description so that i5/OS™ SSL can direct RSA cryptographic operations to the 2058 Cryptographic Accelerator. You can create a device description by using the Create Device Description (Crypto) (CRTDEVCRP).

To create a device description using the CL command, follow these steps:

1. Type CRTDEVCRP at the command line.

2. Specify a name for the device as prompted.

3. Accept the default name of the PKA key store: *NONE.

4. Accept the name default of the DES key store: *NONE.

5. Specify an APPTYPE of *NONE.

6. Optional: Specify a description as prompted.

7. Use either the Vary Configuration (VRYCFG) or the Work with Configuration Status (WRKCFGSTS) CL commands to vary on the device once you have created the device description.

For digital certificates that are generated by software, and stored in software, i5/OS SSL automatically starts using the 2058 Cryptographic Accelerator once the device is varied-on. The private key processing associated with SSL and TLS session establishment is off-loaded to the 2058 Cryptographic Accelerator. When the device is varied-off, i5/OS SSL switches back to software based encryption for establishing SSL and TLS sessions, thereby placing the private key processing load back on the system.

This is only true for certificates and private keys that were not created by the Cryptographic Coprocessor. If a certificate was generated using the Cryptographic Coprocessor, the Cryptographic Coprocessor has to be used for those SSL or TLS sessions which use that particular certificate.

 

Parent topic:

2058 Cryptographic Accelerator

Related concepts
Features Scenario: Enhancing system SSL performance Planning for the 2058 Cryptographic Accelerator Scenario: Enhancing system SSL performance