Configure FxPKCS11 as a pkcs11-provider in OpenSSL

this section explains how to configure the futurex pkcs #11 library (fxpkcs11) to serve as a pkcs11 provider in openssl edit the openssl configuration file perform the following steps to edit the openssl configuration file confirm the location of the pkcs11 so file on your system by running the following command in a terminal as root find / name "pkcs11 so" run the following command to determine the location of the openssl configuration file for the logged in user openssl version d open a text editor to edit the openssl cnf file identified in the previous command if you prefer, you can edit the global openssl configuration file, /etc/ssl/openssl cnf locate these lines \[openssl init] providers = provider sect \# list of providers to load \[provider sect] default = default sect \[default sect] \# activate = 1 define the location of the pkcs11 so and libfxpkcs11 so files on your system, similar to what you see below (the actual paths might differ) \[openssl init] providers = provider sect \# list of providers to load \[provider sect] default = default sect base = base sect pkcs11 = pkcs11 sect \[default sect] activate = 1 \[base sect] activate = 1 \[pkcs11 sect] module = /usr/lib/x86 64 linux gnu/ossl modules/pkcs11 so pkcs11 module path = /usr/local/bin/fxpkcs11/libfxpkcs11 so activate = 1