Configuration

Configure the CNG API

  1. Select Windows Start > Entrust > CNG configuration wizard. The nshield CNG Providers Configuration Wizard opens.

    Select Next twice.

  2. Select Use the existing security world if one was created in Install the Security World software and create a Security World.

    Select Next twice.

  3. Select Module Protection, then select Next twice and then select Finish.

  4. Run certutil -csptest on a command window

  5. Search for Provider Name: nCipher in the file created above, and make sure that it shows Pass.

Copy

For example

Provider Name: nCipher Security World Key Storage Provider
Name: nCipher Security World Key Storage Provider
HWND Handle:Binary:
0000 00 00 00 00 00 00 00 00 ........
Impl Type: 17 (0x11)
NCRYPT_IMPL_HARDWARE_FLAG -- 1
NCRYPT_IMPL_HARDWARE_RNG_FLAG -- 10 (16)
Version: 786512 (0xc0050)
Pass
...

Configure PKCS #11

There is a known issue with PKCS #11 integration. When doing an iisreset or app pool recycle, there is a race condition that happens intermittently that prevents the intergration from working smoothly. Thus, we do not recommend using the PKCS#11 API Type.

Copy the PKCS #11 dll to the Secret Server pkcs11 folder:

  1. Copy the cknfast.dll from C:\Program Files\nCipher\nfast\toolkits\pkcs11

  2. Paste it in the pkcs11 folder here C:\inetpub\wwwroot\SecretServer\pkcs11

Update the cknfastrc file:

  1. Navigate to C:\Program Files\nCipher\nfast

  2. Add CKNFAST_FAKE_ACCELERATOR_LOGIN=1 to cknfastrc file