Install and configure the OpenSSL Engine

8min

this section describes how to install and configure the libp11 , opensc , and pkcs11 engine plugin for the openssl library the following list provides an overview of these libraries library description libp11 provides a high level (compared to the pkcs #11 library) interface for accessing pkcs #11 objects it integrates with applications that use openssl opensc provides a set of libraries and utilities to work with smart cards it focuses on cards that support cryptographic operations and facilitates their use in security applications such as authentication, mail encryption, and digital signatures pkcs11 engine plugin an engine plugin for the openssl library that allows accessing pkcs #11 modules in a semi transparent way install libp11 and opensc perform the following instructions to install libp11 and opensc on the supported operating systems ubuntu or debian perform the following steps to install libp11 and opensc on ubuntu or debian in a terminal, run the following sequence of commands to install libp11 and opensc sudo apt update sudo apt install libengine pkcs11 openssl sudo apt install opensc red hat or centos perform the following steps to install libp11 and opensc on red hat or centos in a terminal, run the following sequence of commands to install libp11 and opensc sudo yum check update sudo yum install openssl pkcs11 sudo yum install opensc edit the openssl configuration file perform the following steps to edit the openssl configuration file for ubuntu/debian based linux distributions and red hat/centos based distributions confirm the location of the pkcs11 so file on your system by running the following command in a terminal as root find / name "pkcs11 so" run the following command to determine the location of the openssl configuration file for the logged in user openssl version d open in a text editor to edit the openssl cnf file for the logged in user identified in the previous command if you prefer, you can edit the global openssl configuration file, /etc/ssl/openssl cnf add the following line at the top of the file, before any sections openssl conf = openssl init add the following text, based on your operating system, at the bottom of the file after modifying the module path and pin lines ubuntu 18 add the following lines on ubuntu 18 \[openssl init] engines=engine section \[engine section] pkcs11 = pkcs11 section \[pkcs11 section] engine id = pkcs11 dynamic path = /usr/lib/x86 64 linux gnu/engines 1 1/pkcs11 so module path = /usr/local/bin/fxpkcs11/libfxpkcs11 so pin = "safest" init = 0 centos 8 add the following lines on centos 8 \[openssl init] engines=engine section \[engine section] pkcs11 = pkcs11 section \[pkcs11 section] engine id = pkcs11 dynamic path = /usr/lib64/engines 1 1/pkcs11 so module path = /usr/local/bin/fxpkcs11/libfxpkcs11 so pin = "safest" init = 0 the module path must be set to the location of the {{futurex}} pkcs #11 module installation on your system the pin field must contain the password of the identity created on the {{k3}} for your integration

Edit the Futurex PKCS #11 configuration file

Configure Apache HTTP Server