Utimaco Bind 9 Integration Manual Download Page 12 | Manualshive

Page: 12 / 20

background image

Integration Guide:

Bind 9

4.4 Install BIND Domain Name Server

Besides to have OpenSSL compiled from sources it is also mandatory to compile BIND from it’s source

ﬁles. This will enable BIND to use PKCS#11 enabled hardware for cryptographic operations. Since it

is determined during the conﬁguration of BIND where the OpenSSL and PKCS#11 libraries are located,

you have to provide the location of the OpenSSL libraries created in chapter 4.3. Next conﬁgure and

install BIND.

4.4.1 Linux

1. Conﬁgure BIND on a 32 bit machine

# ./configure CC=”gcc -m32” -enable-threads \

--with-openssl=/opt/openssl-p11 \

--with-pkcs11=/usr/lib/cryptoserver/libcs2_pkcs11.so

If you are on a 64 bit machine conﬁgure BIND via

# ./configure CC=”gcc -m64” -enable-threads \

--with-openssl=/opt/openssl-p11 \

--with-pkcs11=/usr/lib/cryptoserver/libcs2_pkcs11.so

2. Set the environment variable

LD_LIBRARY_PATH

to the path of the PKCS#11 library

# export LD_LIBRARY_PATH=/usr/lib/cryptoserver

3. Build and install BIND

# make

# make install

4.4.2 Microsoft Windows

1. To set the path to the PKCS#11 library run the following script:

cd bind-9.7.0\win32utils

perl setpk11provider.pl /windows/system32/cs2_pkcs11.dll

After the installation of BIND it is still possible to specify the path manually.

Page 12

«
...
10
11
12
13
14
...
»

Summary of Contents for Bind 9

Page 1: ...Integration Guide Bind 9 Linux 3 19 Microsoft Windows Server 2008...

Page 2: ...rved No part of this documentation may be reproduced in any form printing photocopy or according to any other process without the written approval of Utimaco IS GmbH or be processed reproduced or dist...

Page 3: ...s 7 4 1 Con gure PKCS 11 Environment 7 4 1 1 Linux 7 4 1 2 Microsoft Windows 7 4 1 3 Adjust Con guration File 7 4 2 Test PKCS 11 Environment 8 4 3 Patch and Build OpenSSL 9 4 3 1 Linux 9 4 3 2 Microso...

Page 4: ...et The original design of the Domain Name System did not include any security Instead it was developed as a simple scalable distributed system The Domain Name System Security Extensions DNSSEC attempt...

Page 5: ...eries S Series Se Series PCI CryptoServer CS Series S Series Se Series LAN CryptoServer Simulator CS Se HSM Firmware CryptoServer 2 50 Software CryptoServer 2 50 Linux 3 19 Ubuntu 15 04 amd64 Microsof...

Page 6: ...I LAN Installation Operating manual There is no need to install any software speci c for running CryptoServer 3 2 Install CryptoServer Software The CryptoServer software this includes administrative t...

Page 7: ...soft Windows operating system Therefore the procedures to setup the PKCS 11 respectively PKCS 11 R2 environment is described separately 4 1 1 Linux The PKCS 11 library and con guration les for Linux o...

Page 8: ...g Installation Manual For debugging purposes change the parameter Logging from value 0 which means no logging to 15 respectively 5 for PKCS 11 R2 to provide full logging details 4 2 Test PKCS 11 Envir...

Page 9: ...PKCS 11 The patch is bundled with the BIND source code Download and extract the sources for OpenSSL 2 and Bind 93 rst 4 3 1 Linux 1 Apply the patch Bind 9 7 2 bind 9 7 2 P3 bin pkcs11 openssl 0 9 8l...

Page 10: ...some errors occur at this point recheck the con guration 4 Check the availability of the engine by running the command apps openssl engine pkcs11 t 5 Install OpenSSL binary make install To make the mo...

Page 11: ...patch is used sign only or crypto accelerator The optional pre x parameter would point to the directory where the libraries and the OpenSSL con guration le are additionally copied during the installa...

Page 12: ...ine configure CC gcc m32 enable threads with openssl opt openssl p11 with pkcs11 usr lib cryptoserver libcs2_pkcs11 so If you are on a 64 bit machine con gure BIND via configure CC gcc m64 enable thre...

Page 13: ...prepares the contents of Build Release directory for BIND installation with mod i ed OpenSSL libraries 3 Install BIND from the Build Release folder Further steps usually concern general con guration...

Page 14: ...more You will be prompted to enter the user pin for the PKCS 11 slot 2 Switch to the default folder for zone les and generate the key les for BIND dnssec keyfromlabel l ksk f KSK utimaco com dnssec k...

Page 15: ...ones or new records inserted via nsupdate Therefore named requires access to the private key unattended from user interaction For PKCS 11 you have to provide the user pin of the PKCS 11 slot to access...

Page 16: ...f the information and support which is provided by the Utimaco IS GmbH Additional documentation can be found on the product CD in the documentation directory All CryptoServer product documentation is...

Page 17: ...Page 17...

Page 18: ...Integration Guide Bind 9 Page 18...

Page 19: ...Page 19...

Page 20: ...Contact Utimaco IS GmbH Germanusstra e 4 D 52080 Aachen Germany phone 49 241 1696 200 fax 49 241 1696 199 web https hsm utimaco com email support cs utimaco com...

Reviews:

No comments

Related manuals for Bind 9

ProLiant DL180 Gen10

Brand: HPE Pages: 10

Brand: ACTi Pages: 15

Brand: IBM Pages: 24

Brand: Sun Oracle Pages: 6

Brand: QNAP Pages: 58

BizNAS D400 Series

Brand: Tandberg Data Pages: 2

Brand: Tiger Technology Pages: 29

CallPilot 1005r

Brand: Nortel Pages: 74

Communication Server 100

Brand: Nortel Pages: 214

Brand: AXIOMTEK Pages: 45

Brand: PROXMOX Pages: 2

Brand: Planet Pages: 24

Brand: Black Box Pages: 60

Brand: Vitek Pages: 2

Brand: C Security Systems Pages: 14

Brand: Supero Pages: 130

Rackable C1110-RP6

Brand: Silicon Graphics Pages: 58

InfiniteStorage 3104

Brand: Silicon Graphics Pages: 64

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands