					                Driver & CSP Setup Guide (Release 1.1)

           (Nitrox driver, Cavium SSL csp and IIS configuration)


The release contains the following directories:

   -   driver : driver and supported files
   -   tester : programs (NitroxTester.exe and SSLRSA.exe) to test the driver and the
       csp
   -   sslcsp : csp and supported files
   -   docs : nitrox and csp related documents

Before the installation, unzip and copy all these directories to a local directory (let's say
c:\install for future references).

The driver and the csp will work on Win2000, Win XP and Win 2003. They will also
work for both 3.3 volt and 5 volt Nitrox boards.


1. Installing the driver (Win2003):

   -   Shutdown the system and plug in the Nitrox accelerator board.
   -   Start the system. It will detect the board and the installation wizard will come up.
       (you can also use the add hardware wizard instead).
   -   Select the advanced option.
   -   When asked, specify the location where the driver files are. (e.g. c:\install\driver).
       The wizard will pick up the inf file and will install the supported files.
   -   After the installation completes, check the device manager to make sure the driver
       has been installed properly.
   -   Various driver settings can be configured before and after the installation. Refer
       to the 'Nitrox-Installatoin And User Guide.doc' document in the 'docs' folder.
   -   If the driver installation fails, read the section 'Configuring after installation' and
       get the LastError code. The error code can either be looked up in the source code
       or be requested by e-mail from 'support@cavium.com' [The error codes
       will be documented in the 'Nitrox-Installatoin And User Guide.doc' soon].


2. Testing the driver:

   -   Once the driver has been installed and is shown in the device manager, the test
       program 'NitroxTester.exe' in the 'tester' folder can be run to make sure the
       driver is working.
   -   The program performs three operations: random number generation, 3DES and
       AES encryption/decryption. If you see the results of all three operations without
       any error message, the driver is working. If you get an error message, there is a
       problem with the driver installation. Re-install the driver and refer to the
       'Nitrox-Installatoin And User Guide.doc' for how to get the error code if the driver fails.



3. Installing the Cavium SSL CSP:

   -   Run the bat file called 'run.bat' in the 'sslcsp' folder. (c:\install\sslcsp\run.bat).
   -   This will install the csp and add the corresponding entries in the registry.
   -   You can check whether the csp has been installed correctly or not by looking at
       the registry entries. (See the section 'Registry Entries and Control flags' of the
       document 'CaviumCsp-Reference.doc').
   -   Note: Cavium provides two different csps. This section only explains how to
       set up the Cavium SSL csp.


4. Testing the Cavium SSL CSP:

   -   Once the csp has been installed and is shown in the registry, the test program
       'SSLRSA.exe' in the 'tester' folder can be run to make sure the csp is running.
   -   Select the option number 2 or 3 (Using Cavium csp) and make sure that valid
       results are returned and no error is reported. If the test returns an error, this is an
       indication that the csp is not working. Go through the csp installation procedure
       again.



5. Setting up IIS:

5.1 Setting up IIS 6.0

5.1.1 IIS6 configuration:

   -   Right click on the web site you want to run the csp for->Properties and set the
       following:

       web site:
       Uncheck Enable HTTP keep alives
       Uncheck Enable logging
       SSL port should be 443
       TCP port should be 80

       Performance:
       Uncheck limit the network bandwidth
       Unlimited website connections

       Documents:
       Check 'enable default content page', and make sure that the default page is
       present (for testing the default page was 'default.htm')


5.1.2 IIS6 Certificate Request Generation:

   -   Make sure the cavium rsa schannel csp is configured in the registry and its
       EnableLog property is 0.
   -   Launch IIS 6.0
   -   Click Websites -> website for which you want to get a new certificate (in my
       case it was the default website).
   -   Right click -> Properties
   -   Go to directory Security-> server certificate
   -   Next -> create new certificate (make sure to remove the existing certificate first, if
       there is any)
   -   Prepare request now but send it later
   -   Type name of the certificate and select key length (1024)
   -   Check the 'select the cryptographic provider' and select the cavium rsa schannel
       csp.
   -   Enter organization and unit
   -   Enter Site common name
   -   Enter country, region, state, city etc.
   -   Enter file name to store the certificate request.
   -   Click Finish button.


5.1.3 Certificate Generation by a CA:

Now the certificate request has been stored in a file. You have to send this request to a
CA, get the response and store it in another file. In order to send it to a local CA, follow
these steps:

   -   A certification authority (CA) must be installed on a server that you can access.
   -   In IE, type “http://<server name or ip address>/CertSrv” to make sure that the
       server is accessible. (server name is the name of the server running the CA).
   -   Select 'Request a certificate', press Next.
   -   Select 'Advanced request', and then press next.
   -   Select 'Submit a certificate request using a base64 encoding', press next.
   -   Copy and paste the saved certificate request and submit.
   -   Once the certificate has been generated by the CA, download the CA certificate
       and save it locally.


5.1.4 IIS6 Certificate Installation:

Follow these steps to install the newly generated certificate in IIS 6.
   -   Go back to IIS and right click website -> website for which the certificate request
       was generated -> properties.
   -   Select Directory security -> server certificate.
   -   Process the pending request.
   -   Specify the file name containing the certificate when asked.
   -   Select SSL port number (443).
   -   Finish


5.2 Setting up IIS 5.0

5.2.1 IIS5 configuration:

   -   Right click on the web site you want to run the csp for->Properties and set the
       options accordingly – make sure that the file logging is disabled to get higher
       performance.

5.2.2 IIS5 Certificate Request Generation:
   -   Open the registry editor (start -> run -> regedit)
   -   Note down the following registry key settings (Name and TypeName):
       HKLM\Software\Microsoft\Cryptography\Provider Types\012\

   -   Now modify this registry setting:
       HKLM\Software\Microsoft\Cryptography\Provider Types\012\
               Name : change it to Cavium RSA Schannel Cryptographic Provider (make
               sure it matches with the name in \Defaults\Providers - it is very important)
               TypeName : change it to Cavium RSA Schannel Cryptographic Provider
               (make sure it matches with the name in \Defaults\Providers)
   -   Launch IIS 5.0
   -   Click Web sites -> website for which you want to get a new certificate.
   -   Right click -> Properties
   -   Go to directory Security-> server certificate.
   -   Click 'Server Certificate'. This will display the certificate wizard.
   -   Type name of the certificate and select key length (1024)
   -   Generate a request for the certificate and save it in a file.

   Now follow the steps mentioned in section 5.1.3 to get the certificate.


5.2.3 IIS5 Certificate Installation:
Follow these steps to install the newly generated certificate in IIS 5.

   -   Go back to IIS and right click website -> website for which the certificate request
       was generated -> properties.
   -   Select Directory security -> server certificate.
   -   Process the pending request.
   -   Specify the file name containing the certificate when asked.
   -   Finish.
   -   Open the registry editor (start -> run -> regedit)
   -   Change the following registry settings to make the Windows SSL csp the default
       type 012 csp again (change the Name and TypeName to the ones noted in the
       Certificate Request Generation procedure).
       HKLM\Software\Microsoft\Cryptography\Provider Types\012\
               Name : change it to Microsoft Rsa Schannel Cryptographic Provider
               (make sure it matches with the name in \Defaults\Providers - it is very
               important)
               TypeName : Rsa Schannel

   -   Close IIS5 and reboot the machine. After boot up, the IIS5 will use the new
       certificate.
   -   Check that IIS5 is running the recently generated certificate.
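
The note-down, modify and restore steps of sections 5.2.2 and 5.2.3, written as PowerShell functions. This is an added example, not part of the Cavium release. It assumes a system where PowerShell is available (not Windows 2000), the standard Windows location of the provider-type key (...\Cryptography\Defaults\Provider Types\Type 012, which the guide abbreviates), and a hypothetical backup file path.

```powershell
# Added example, not part of the Cavium release. Run from an administrator prompt.
# Assumption: standard Windows key layout under ...\Cryptography\Defaults
# (the guide abbreviates the type key as "Provider Types\012").
$Defaults = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults'
$TypeKey  = Join-Path $Defaults 'Provider Types\Type 012'
$Backup   = 'C:\install\type012-backup.xml'   # hypothetical backup file

function Get-Type012 {
    # Read the two values the guide asks you to note down.
    Get-ItemProperty -Path $TypeKey | Select-Object Name, TypeName
}

function Set-Type012([string]$Name, [string]$TypeName) {
    # Refuse a name that is not registered as a provider; this is the
    # mismatch with \Defaults\Provider that the guide warns about.
    if (-not (Test-Path -LiteralPath (Join-Path $Defaults "Provider\$Name"))) {
        throw "No provider named '$Name' under $Defaults\Provider"
    }
    Set-ItemProperty -Path $TypeKey -Name Name     -Value $Name
    Set-ItemProperty -Path $TypeKey -Name TypeName -Value $TypeName
}

function Switch-ToCavium {
    # Section 5.2.2: save the original values once, then make the Cavium csp
    # the default type 012 provider before generating the request.
    if (Test-Path $Backup) { throw "Backup $Backup exists; run Restore-Type012 first." }
    Get-Type012 | Export-Clixml -Path $Backup
    $cavium = 'Cavium RSA Schannel Cryptographic Provider'
    Set-Type012 -Name $cavium -TypeName $cavium
}

function Restore-Type012 {
    # Section 5.2.3: put back exactly the values that were saved, remove the
    # backup, and return the current settings for a visual check.
    $orig = Import-Clixml -Path $Backup
    Set-Type012 -Name $orig.Name -TypeName $orig.TypeName
    Remove-Item $Backup
    Get-Type012
}
```

Run `Switch-ToCavium` before launching the IIS 5.0 certificate wizard and `Restore-Type012` after the pending request has been processed, then reboot as described above.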




Now the new certificate has been imported. Check if its name is correct (Directory
security -> view certificate). If everything is fine, reboot the machine running IIS (you
may not need to do this).

You can test the IIS setup by opening an https:// URL from another machine to the machine
running the csp. You should be able to see your default web page. If you cannot see the
default page and IE says 'Page cannot be displayed', it means that the csp is not
running. Check the entries in the registry and run the csp test program again.

Now you can run your tests on IIS and it will use the Cavium ssl csp.


6. Test setup used for IIS 6 testing:
We used WebBench client and server software. The requests generated by the clients are
TLS1.0 with no session resumption. You can also use SSL3.0. A single request from the
client performs a full SSL handshake, fetches the 'Default.htm' [1kb] and then terminates
the connection.

				