318 Netscape Certificate Management System Administrator’s Guide • June 2003

Hardware Cryptographic Accelerators

Certificate Management System allows you to use hardware cryptographic accelerators with external tokens. Many of the accelerators provide the following security features:

• Fast SSL connections—speed is important if you want your Certificate Manager, Registration Manager, or Data Recovery Manager to be able to accommodate a high number of simultaneous enrollment or service requests.

• Hardware protection of private keys—these devices behave like smart cards, in that they do not allow the private keys to be copied or removed from the hardware token. This is important if you are concerned about the risks associated with key theft from an active attacker of your online Registration Manager or Certificate Manager.

Configuring the Server’s Security Preferences

Configuring a CMS manager’s security preferences involves identifying the following:

• The SSL server certificates a server must use for authenticating to the end entity, agent, and administration interfaces. For details, see “Configuring the Server to Use Separate SSL Server Certificates” on page 319.

• The SSL client certificate a Certificate Manager must use for authenticating to the publishing directory (if the Certificate Manager is configured to publish certificates and CRLs to the directory). For details, see “Getting an SSL Client Certificate for a Subsystem” on page 320.

• The version of SSL that an instance of CMS must use during SSL communication. The latest version is SSL version 3, but many older clients use SSL version 2. Because client authentication is required for performing privileged operations, you must enable SSL version 3 ciphers supported by CMS. For details, see “Configuring the Server’s Security Preferences,” on page 318.