Apache HTTP Server
This document provides information about configuring the Futurex KMES Series 3 with Apache HTTP Server by using PKCS #11 libraries. For additional questions related to your KMES Series 3 device, see the relevant user guide.
Apache HTTP Server, typically referred to as Apache, is a free and open-source cross-platform web server software. Originally released in 1995, it is one of the oldest and most reliable web server software on the internet, running 67% of all web servers in the world. An open community of developers develops and maintains Apache under the auspices of the Apache Software Foundation.
The purpose of a web server is to serve websites on the internet. It accomplishes this by using the HTTP protocol. The primary job of all web servers is to accept requests from clients (such as a visitor's web browser) and then send the response to that request (for example, the components of the page that the visitor wants to see).
Apache can work with private keys stored on hardware security modules (HSMs), which helps to prevent key disclosure and man-in-the-middle attacks.
For secure communication through the HTTPS protocol, Apache uses the OpenSSL library. OpenSSL does not support PKCS #11 natively. To use HSMs, you have to install the openssl-pkcs11 package on CentOS or the libengine-pkcs11-openssl package on Ubuntu. These packages provide access to PKCS #11 modules through the engine interface. You can use a PKCS #11 URI instead of a regular file name to specify a server key and a certificate in the configuration file for the appropriate website.
To integrate KMES Series 3 with Apache, you must perform the following tasks:
- Install Futurex PKCS #11.
- Configure KMES Series 3.
- Edit the Futurex PKCS #11 configuration file.
- Install and configure the OpenSSL Engine.
- Configure Apache HTTP Server
The following sections describe how to perform these tasks.