Data protection

Apache HTTP Server

3min

This document provides information about using

 PKCS #11 libraries to configure our HSMs with Apache HTTP Server. For additional questions related to your HSM, see the relevant user guide.

About Apache HTTP Server

Apache HTTP Server, typically referred to as Apache, is a free and open-source cross-platform web server software. Originally released in 1995, it is one of the oldest and most reliable web server software on the internet, running 67% of all web servers worldwide. An open community of developers develops and maintains Apache with the guidance of the Apache Software Foundation.

What is a web server?

The purpose of a web server is to serve websites on the internet. It accomplishes this though HTTP protocol. The primary job of all web servers is to accept requests from clients and send a response to that request, such as the components of the page that a visitor wants to see.

Using HSMs to protect Apache Server private keys

The Apache HTTP Server can work with private keys stored on HSMs, which helps to prevent accidental key disclosure and man-in-the-middle attacks.

For secure communication with the HTTPS protocol, the Apache HTTP server uses the OpenSSL library, but OpenSSL does not support PKCS #11 natively. To use HSMs, install the openssl-pkcs11 package on CentOS or the libengine-pkcs11-openssl package on Ubuntu. These packages provide access to PKCS #11 modules through the engine interface. You can use a PKCS #11 URI instead of a regular file name to specify a server key and use a certificate in the configuration file for the appropriate website.

Guardian integration