NGINX
This document provides information about configuring Futurex HSMs with Nginx using Futurex PKCS #11 libraries. For additional questions related to your HSM, see the relevant user guide.
Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The software was created by Igor Sysoev and publicly released in 2004. Nginx is free and open-source software, released under the terms of the 2-clause BSD license.
The purpose of a web server is to serve websites on the internet. It accomplishes this via HTTP protocol. The primary job of all web servers is to accept requests from clients and send a response to that request (such as the components of the page that a visitor wants to see).
The Nginx Server can work with private keys stored on hardware security modules (HSMs), which helps to prevent the keys' disclosure and man-in-the-middle attacks.
For secure communication with the HTTPS protocol, the Nginx server uses the OpenSSL library. OpenSSL does not support PKCS #11 natively. To utilize HSMs, install the openssl-pkcs11 package on CentOS or the libenginepkcs11-openssl package in Ubuntu. These packages provide access to PKCS #11 modules through the engine interface. You can use a PKCS #11 URI instead of a regular file name to specify a server key, and use a certificate in the configuration file for the appropriate website.
The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:
- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems
Please see the applicable guide in the Futurex Portal, which covers how to use the Guardian Series 3 to configure HSMs for PKCS #11 integrations.