Short Description: For use with SSL Cryptographic Accelerators
Starting in Notes/Domino 7, the SECManipulateSC API function can be used to push the server's RSA keypair from an SSL keyring file onto a cryptographic token that supports PKCS#11. This will cause all private key operations involving the server key to be performed upon the token. This cryptographic token can be a traditional smartcard (which will result in terrible performance issues) or an SSL cryptographic accelerator that provides a PKCS#11 interface.
The only cryptographic accelerator that has been tested with Notes/Domino 7 is the Rainbow CryptoSwift eCommerce Server Accelerator PCI CS400 model 2.2.6a, using the PKCS#11 DLL installed to c:\WINNT\system32\Cryptoki22.dll with the PKCS11_NO_HWCHECK=1 NOTES.INI variable set.
The Rainbow CryptoSwift eCommerce Server Accelerator fails to report that RSA cryptographic operations are performed in hardware. If you are having difficulty performing cryptographic operations (including importing X.509 certificates or exporting RSA keys) with this device, setting PKCS11_NO_HWCHECK=1 or PKCS11_TOKEN_BUGS=2 in the NOTES.INI file will activate a workaround in Notes/Domino for this problem.
In Domino 7, the server's ID file must be smartcard-enabled in order for the PushKyrKey operation to succeed.
PKCS11_NO_HWCHECK=0 / 1
There is no kown UI setting for this notes.ini variable. But you can specify this setting in the notes.ini settings tab of the configuration settings document.
Lotus Domino Administrator 7 Help