These installation instructions apply to the nCipher Key Management series of boards to work with the Tealeaf CX Passive Capture Application.
Requirements
Complete the following installation requirements:
- nShield 6000e HSM
- nCipher software version 11.40
- Validated Linux™ platforms
Note: If you are using a 64-bit operating system, 32-bit libraries must be installed.
Although these instructions are not validated on nCipher software and Linux platforms, they must also work for older nForce/nFast/nShield 4000 series cards.
- These boards can be used for SSL acceleration only, but SSL keys are still required for proper operation.
- You can use other nCipher boards that support only SSL acceleration (no Key Management). The drivers must work transparently with OpenSSL (such as the CHIL library driver) and must be configured to auto-recognize OpenSSL upon startup. Verify that the installation works on system reboot, too.
- If the nCipher card is to be used as an HSM keystore, then an nCipher Security World must be created.
Note: The following optional steps assume that you are familiar with nCipher key management software. These steps are only a general reference and are not a step-by-step procedure for installation. When possible, enlist nCipher Support help with the software installation as it typically requires compiling their drivers on the host system.
Prerequisites
Note: The following information assumes that you haven't installed the CX Passive Capture Application. If you installed the PCA already, you must stop the PCA during the time you that install and integrate the nCipher software.
Before you begin, verify or complete the following.
- The nCipher kernel driver requires a Linux platform, so you must perform this build on a Linux development environment. Try building on the expected production machine first to determine if it is sufficient for driver creation.
Note: For the Redhat RHEL 5.6 64-bit platform, the nCipher kernel driver must be built for 64-bit operating systems. The PCA software is a 32-bit application. The nCipher intercommunication library (
libnfhwcrhk.so
) must also be 32-bit. To verify thatlibnfhwcrhk.so
is 32-bit, runfile libnfhwcrhk.so
from a command prompt. - After the driver (
nfp.ko
) builds, apply the builtnfp.ko
driver and the corresponding nCipher start script software to the production computer for installation and deployment.Note: For more information, see the nCipher/Thales documentation.