Using Cryptographic Adapters for Web Servers with Linux on IBM System z9 and zSeries
An IBM Redpaper publication
Note: This is publication is now archived. For reference only.
This IBM Redpaper describes how to configure Web servers (such as Apache2 and IBM HTTP server) to use hardware cryptographic devices in Linux running on IBM System z9 and zSeries platforms. Hardware cryptographic cards are used to improve SSL performance during SSL handshaking. RedHat Enterprise Linux Advanced Server and SUSE Linux Enterprise Server distributions include packages to use these crypto cards. This repaper documents configuration steps required to use hardware cryptographic acceleration for SSL HTTP transactions with Linux distributions.
Introduction
The z90crypt device driver
Exploiting hardware encryption
Software packaging for hardware cryptographic devices
Defining cryptographic hardware to the Linux or z/VM LPAR
Loading the z90crypt device driver
The OpenSSL engine interface
The OpenCryptoki PKCS#11 subsystem
Using cryptographic devices with SSL
Configuring cryptographic devices with Apache 2.0
Configuring cryptographic devices with IHS