About Nginx
Nginx is a web server that can serve as a reverse proxy, load balancer, mail proxy, and hypertext transfer protocol (HTTP) cache. The software, created by Igor Sysoev and publicly released in 2004, is free and open-source, released under the terms of the 2-clause BSD license. A web server serves websites on the Internet by using the HTTP protocol. The primary job of all web servers is to accept requests from clients and send a response to each request, such as the components of the page that a visitor wants to see.
Using HSMs to protect Nginx private keys
The Nginx server can work with private keys stored on HSMs, which helps prevent key disclosure and man-in-the-middle attacks. When Nginx handles hypertext transfer protocol secure (HTTPS), it relies on the OpenSSL library to perform all Transport Layer Security and Secure Sockets Layer (TLS/SSL) cryptographic operations, which include:
- Private key usage
- Certificate validation
- Handshake negotiation
In OpenSSL 3.0, the legacy engine interface has been officially deprecated in favor of the modern provider architecture, which enables modular, standardized cryptographic functionality, including native support for PKCS#11 via the pkcs11 provider.
To enable HSM integration, you must install the pkcs11-provider library by Latchset, a third-party plugin that bridges OpenSSL’s provider framework with Vectera Plus. This library is not distributed with OpenSSL by default, and it must be compiled from source.
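The following openssl.cnf fragment is an added example, not taken from the vendor's or the pkcs11-provider project's documentation. It shows how a compiled pkcs11-provider is typically registered with OpenSSL 3.x; both module paths and the PIN file path are placeholders (assumptions) that depend on where the provider and the HSM vendor's PKCS#11 library were installed.

```ini
# Placeholder paths throughout: adjust to the local installation.
# This line must appear in the unnamed default section at the top of the file.
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
# Once any provider is listed here, OpenSSL no longer loads the default
# provider implicitly, so it has to be activated explicitly. Without it,
# certificate parsing and software-side TLS operations fail.
default = default_sect
pkcs11 = pkcs11_sect

[default_sect]
activate = 1

[pkcs11_sect]
# The provider shared object built from the pkcs11-provider source tree.
module = /usr/lib64/ossl-modules/pkcs11.so
# The HSM vendor's PKCS#11 library that the provider talks to.
pkcs11-module-path = /path/to/vendor/libpkcs11.so
# Optional: read the token PIN from a file readable only by the account
# that starts Nginx, instead of placing the PIN in this configuration.
# pkcs11-module-token-pin = file:/path/to/hsm-pin.txt
activate = 1
```

After OpenSSL picks up this configuration, `openssl list -providers` should report both `default` and `pkcs11` as active; if only one appears, Nginx will fail to load either the certificate or the HSM-backed key.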
Guardian integration
The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:
- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems

