Configure FxPKCS11 as a pkcs11-provider in OpenSSL

Edit the OpenSSL configuration file

This section explains how to configure the Futurex PKCS #11 library (FxPKCS11) to serve as a pkcs11-provider in OpenSSL.

Edit the OpenSSL configuration file

Perform the following steps to edit the OpenSSL configuration file:

Confirm the location of the pkcs11.so file on your system by running the following command in a terminal as root:

Shell

find / name "pkcs11.so"

Run the following command to determine the location of the OpenSSL configuration file for the logged-in user:

Shell

openssl version -d

Open a text editor to edit the openssl.cnf file identified in the previous command. If you prefer, you can edit the global OpenSSL configuration file, /etc/ssl/openssl.cnf.

Locate these lines:

None

[openssl_init]
providers = provider_sect

# List of providers to load
[provider_sect]
default = default_sect

[default_sect]
# activate = 1

Define the location of the pkcs11.so and libfxpkcs11.so files on your system, similar to what you see below (the actual paths might differ).

None

[openssl_init]
providers = provider_sect

# List of providers to load
[provider_sect]
default = default_sect
base = base_sect
pkcs11 = pkcs11_sect

[default_sect]
activate = 1

[base_sect]
activate = 1

[pkcs11_sect]
module = /usr/lib/x86_64-linux-gnu/ossl-modules/pkcs11.so
pkcs11-module-path = /usr/local/bin/fxpkcs11/libfxpkcs11.so
activate = 1

⌘I

​Edit the OpenSSL configuration file

Edit the OpenSSL configuration file