NGINX
This document provides information about configuring our HSMs with NGINX by using {{futurex}} PKCS #11 libraries. For additional details about your HSM, see the relevant user guide.

About NGINX

NGINX is a web server that can serve as a reverse proxy, load balancer, mail proxy, and HTTP cache. The software, created by Igor Sysoev and publicly released in 2004, is free and open source, released under the terms of the 2-clause BSD license.

A web server serves websites on the internet by using the HTTP protocol. The primary job of all web servers is to accept requests from clients and send a response to that request, such as the components of the page that a visitor wants to see.

Using HSMs to protect NGINX private keys

The NGINX server can work with private keys stored on hardware security modules (HSMs), which helps to prevent key disclosure and man-in-the-middle attacks.

For secure communication with the HTTPS protocol, the NGINX server uses the OpenSSL library, but OpenSSL does not support PKCS #11 natively. To use HSMs, install the openssl-pkcs11 package on CentOS or the libengine-pkcs11-openssl package on Ubuntu. These packages provide access to PKCS #11 modules through the engine interface.

You can use a PKCS #11 URI instead of a regular file name to specify a server key and use a certificate in the configuration file for the appropriate website.

Guardian integration

The {{guard}} introduces mission-critical viability to core cryptographic infrastructure, including:

- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems

See the applicable guide in the {{futurex}} portal for configuring HSMs with the {{guard}}, including PKCS #11 and CNG configuration.
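An added example, not part of the original page or the vendor's code: a Python check for the PKCS #11 URI server-key setup described above. It scans NGINX configuration text for ssl_certificate_key directives and flags keys still stored as files and HSM PINs embedded in the URI. The sample configuration, host names, token label and object label are constructed placeholders, and the engine:pkcs11: prefix assumes the OpenSSL pkcs11 engine from the packages named above.

```python
import re
from urllib.parse import unquote

# Constructed sample: one site with an on-disk key, one with an HSM-backed key.
# Host names, token label and object label are made-up placeholders.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name legacy.example.test;
    ssl_certificate     /etc/nginx/tls/legacy.crt;
    ssl_certificate_key /etc/nginx/tls/legacy.key;
}
server {
    listen 443 ssl;
    server_name hsm.example.test;
    ssl_certificate     /etc/nginx/tls/hsm.crt;
    ssl_certificate_key "engine:pkcs11:pkcs11:token=EXAMPLE-TOKEN;object=example%20key;type=private?pin-value=1234";
}
"""

# A URI with several attributes contains ';' and therefore must be quoted in nginx.
KEY_RE = re.compile(r'^[ \t]*ssl_certificate_key\s+(?:"([^"]*)"|([^\s;]+))\s*;', re.M)

def parse_pkcs11_uri(uri):
    """Split an RFC 7512 URI into (path attributes, query attributes)."""
    path, _, query = uri[len("pkcs11:"):].partition("?")
    def split(s, sep):
        return {k: unquote(v) for k, _, v in (p.partition("=") for p in s.split(sep) if p)}
    return split(path, ";"), split(query, "&")

def audit(conf):
    """Return (key_value, issues) for every ssl_certificate_key directive."""
    results = []
    for m in KEY_RE.finditer(conf):
        value, issues = m.group(1) or m.group(2), []
        if not value.startswith("engine:pkcs11:"):
            issues.append("private key is a file on disk, not an HSM object")
        elif not value[len("engine:pkcs11:"):].startswith("pkcs11:"):
            issues.append("engine key id is not a PKCS #11 URI")
        else:
            attrs, query = parse_pkcs11_uri(value[len("engine:pkcs11:"):])
            if "object" not in attrs and "id" not in attrs:
                issues.append("URI does not select a key (no object= or id=)")
            if "pin-value" in query:
                issues.append("HSM PIN stored in cleartext in the config")
        results.append((value, issues))
    return results

if __name__ == "__main__":
    for value, issues in audit(SAMPLE_CONF):
        print(value, "->", issues or "ok")
```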