Known problems with hardware cryptographic support on AIX

This topic contains troubleshooting information for known problems with the cryptographic hardware on AIX®.

You must install the bos.pkcs11 package to get the PKCS11 module, and to initialize the device on AIX.

An added update to the bos.pkcs11 package fixed a forking problem. Obtain the most recent copy of the bos.pkcs11 package from the IBM PSeries Support Site to ensure you have this fix.

If you are having problems using the IBM eBusiness Cryptographic Accelerator Device with IBM HTTP Server, do the following:

  1. Reboot the machine.

  2. Kill pkcsslotd and the shared memory that it created. To determine the shared memory that was created, type ipcs -a. Find the segment with size 270760 to determine the memory segment that was created by pkcsslotd.

  3. Export EXPSHM=ON.

  4. Start the pkcs11 process: /etc/rc.pkcsw11

  5. Restart IBM HTTP Server: ./apachectl start