Known problems with hardware cryptographic support
This topic contains troubleshooting information for known problems with the cryptographic hardware.
We must install the bos.pkcs11 package to get the PKCS11 module, and to initialize the device on AIX.
An added update to the bos.pkcs11 package fixed a forking problem. Obtain the most recent copy of the bos.pkcs11 package from the IBM PSeries Support Site, to ensure we have this fix.
The ikmuser.sample file that is shipped with the GSKit Toolkit typically installs in the following directories, depending on the platform:
-
![[AIX]](aixlogo.gif)
/usr/opt/ibm/gskta/classes
-
![[HP-UX]](hpux.gif)
/opt/ibm/gsk7/classes
-
![[Linux]](linux.gif)
/usr/local/ibm/gsk7/classes
-
![[Solaris]](solaris.gif)
/opt/ibm/gsk7/classes
-
![[Windows]](windows.gif)
C:\Program Files\ibm\gsk7\classes
Renaming this file to ikmuser.properties in the classes directory enables iKeyman to use it for a cryptographic token.
If we are having problems using the IBM eBusiness Cryptographic Accelerator Device with IBM HTTP Server...
- Reboot the machine.
- Kill pkcsslotd and the shared memory it created. To determine what
shared memory was created, typeipcs -a and for a size of 270760.
This was the memory created by pkcsslotd.
- Export EXPSHM=ON.
- Start the pkcs11 process: /etc/rc.pkcsw11
- Restart IBM HTTP Server:./apachectl start