
# p11tool2 Login=ADMIN,:cs2:cyb:USB0 slot=0 InitToken=123456

# p11tool2 slot=0 LoginSO=123456 InitPin=utimaco123

Here the InitPin parameter determines the PKCS#11 user pin of a slot. This pin will be used later in this document for the PKCS#11 user authentication.

4.3 Patch and Build OpenSSL

Building OpenSSL from source code will enable PKCS#11 support. As BIND uses OpenSSL for its cryptographic operations, BIND will also be able to use PKCS#11 as cryptographic interface. The source code of OpenSSL needs to be patched to enable OpenSSL to interface with PKCS#11. The patch is bundled with the BIND source code. Download and extract the sources for OpenSSL [2] and Bind 9 [3] first.

4.3.1 Linux

1. Apply the patch

• Bind 9.7.2: ./bind-9.7.2-P3/bin/pkcs11/openssl-0.9.8l-patch to OpenSSL by switching to the OpenSSL directory and running the command

# patch -p1 < path-to/openssl-0.9.8l-patch

• Bind 9.10.2: ./bind-9.10.2-P1/bin/pkcs11/openssl-1.0.1j-patch to OpenSSL by switching to the OpenSSL directory and running the command

# patch -p1 < path-to/openssl-1.0.1j-patch

2. Configure OpenSSL on a 32-bit machine

# ./Configure linux-generic32 -m32 -pthread \
    --pk11-libname=/usr/lib/cryptoserver/libcs2_pkcs11.so \
    --pk11-flavor=crypto-accelerator \
    --prefix=/opt/openssl-p11
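
A pre-flight check for the Configure arguments of step 2, given here as an added example that is not part of the Utimaco guide: it confirms that the file passed to --pk11-libname exists, that --pk11-flavor is sign-only or crypto-accelerator, and that the library's ELF word size matches -m32/-m64, since a 32-bit OpenSSL build cannot load a 64-bit PKCS#11 library. The function names and return codes are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names and return
# codes are illustrative assumptions.

# elf_class FILE -> prints 32 or 64; fails if FILE is not an ELF object.
elf_class() {
    # An ELF file starts with 7f 45 4c 46 ("\177ELF") followed by a class
    # byte: 01 = 32-bit, 02 = 64-bit.
    hdr=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case $hdr in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *) return 1 ;;
    esac
}

# check_configure_args ARGS... -> 0 if the PKCS#11 options are consistent.
#   1 = --pk11-libname missing or the file does not exist
#   2 = --pk11-flavor missing or not one of the two known values
#   3 = library is not ELF, or its word size contradicts -m32/-m64
check_configure_args() {
    lib= flavor= bits=
    for a in "$@"; do
        case $a in
            --pk11-libname=*) lib=${a#*=} ;;
            --pk11-flavor=*)  flavor=${a#*=} ;;
            -m32) bits=32 ;;
            -m64) bits=64 ;;
        esac
    done
    [ -n "$lib" ] && [ -f "$lib" ] || {
        echo "PKCS#11 library not found: $lib" >&2; return 1; }
    case $flavor in
        sign-only|crypto-accelerator) ;;
        *) echo "unknown --pk11-flavor: $flavor" >&2; return 2 ;;
    esac
    class=$(elf_class "$lib") || {
        echo "not an ELF shared object: $lib" >&2; return 3; }
    if [ -n "$bits" ] && [ "$class" != "$bits" ]; then
        echo "library is ${class}-bit but the build uses -m$bits" >&2
        return 3
    fi
    return 0
}
```

Call check_configure_args with the same arguments that will be passed to ./Configure and run Configure only when it returns 0.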

[2] OpenSSL - http://www.openssl.org/source/

[3] Bind 9 - http://www.isc.org/software/bind
