Install and configure OpenSSL Engine

this section covers installing and configuring the following components of the openssl library library description libp11 provides a higher level interface (compared to the pkcs #11 library) for accessing pkcs #11 objects it integrates with applications that use openssl opensc provides a set of libraries and utilities to work with smart cards it focuses on cards that support cryptographic operations and facilitates their use in security applications such as authentication, mail encryption, and digital signatures pkcs11 engine plugin engine plugin for the openssl library that allows accessing pkcs #11 modules in a semi transparent way perform the following tasks to install and configure the openssl engine install libp11 and opensc edit the openssl configuration file install libp11 and opensc select your operating system and perform the installation steps ubuntu/debian in a terminal, run the following sequence of commands to install libp11 and opensc sudo apt update sudo apt install libengine pkcs11 openssl sudo apt install opensc red hat/centos in a terminal, run the following sequence of commands to install libp11 and opensc sudo yum check update sudo yum install openssl pkcs11 sudo yum install opensc edit the configuration file the following instructions are the same for ubuntu/debian based linux distributions and red hat/centos based distributions, except for the dynamic path define in the openssl cnf file on ubuntu 18, the location of the pkcs11 so file specified in the dynamic path define is shown in the following procedure on centos 8, the location of the pkcs11 so file is /usr/lib64/engines 1 1/pkcs11 so perform the following steps to edit the openssl configuration file to confirm the location of the pkcs11 so file on your system, run the following command in a terminal as root find / name "pkcs11 so" after you confirm the location, proceed with the following instructions to edit the openssl configuration file run the following command to determine the location of the openssl configuration file for the logged in user openssl version d if you prefer to edit your global openssl configuration file, its location is usually in /etc/ssl/openssl cnf open in a text editor the openssl cnf file inside the openssl directory that you identified in the preceding command put the following line at the top of the file before any sections are defined openssl conf = openssl init put the following text at the bottom of the file \[openssl init] engines=engine section \[engine section] pkcs11 = pkcs11 section \[pkcs11 section] engine id = pkcs11 dynamic path = /usr/lib/x86 64 linux gnu/engines 1 1/pkcs11 so module path = /usr/local/bin/fxpkcs11/libfxpkcs11 so pin = "safest" init = 0 the value set for module path must specify where you installed the {{futurex}} pkcs #11 module on your system you must set the password of the identity created on the {{ch}} for your specific integration in the pin field