Nginx
This document provides information about configuring the Futurex KMES Series 3 with Nginx by using Futurex PKCS #11 libraries. For additional questions about your KMES Series 3, see the relevant user guide.
Nginx is a web server that you can also use as a reverse proxy, load balancer, mail proxy, and HTTP cache. The software was created by Igor Sysoev and publicly released in 2004. Nginx is free and open-source software, released under the terms of the 2-clause BSD license.
A web server serves websites on the Internet by using the HTTP protocol. The primary job of a web server is to accept requests from clients and send a response to each request (such as the components of the page that a visitor wants to see).
The Nginx Server can work with private keys stored on the KMES Series 3, which helps to prevent disclosure of the keys and man-in-the-middle attacks.
For secure communication with the HTTPS protocol, the Nginx server uses the OpenSSL library. OpenSSL does not support PKCS #11 natively. To use HSMs, install the openssl-pkcs11 package on CentOS or the libengine-pkcs11-openssl package on Ubuntu. These packages provide access to PKCS #11 modules through the OpenSSL engine interface. In the configuration file for the appropriate website, you can then specify the server key with a PKCS #11 URI instead of a regular file name, and use a certificate alongside it.
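As an added illustration (not taken from the Futurex guide), the configuration below contrasts a private key file on disk with a key referenced through the engine interface by a PKCS #11 URI. The host name, certificate path, and the token and object labels are placeholder assumptions; replace them with the values from your own KMES Series 3 and PKCS #11 setup.

```nginx
# Added example, not part of the original guide.
# Assumes the OpenSSL pkcs11 engine is already installed and configured
# to load the Futurex PKCS #11 library (covered by the later tasks).

events {}

http {
    server {
        listen      443 ssl;
        server_name www.example.com;                      # placeholder host

        # The certificate is public and stays a regular file.
        ssl_certificate /etc/nginx/ssl/www.example.com.crt;   # placeholder path

        # Before: private key readable on the web server's file system.
        # ssl_certificate_key /etc/nginx/ssl/www.example.com.key;

        # After: "engine:<engine name>:<key id>". The engine name is pkcs11
        # and the key id is a PKCS #11 URI, so the key material stays on
        # the HSM and Nginx only holds a reference to it.
        # The value is quoted because the URI contains semicolons.
        # EXAMPLE_TOKEN and EXAMPLE_KEY_LABEL are placeholders.
        ssl_certificate_key "engine:pkcs11:pkcs11:token=EXAMPLE_TOKEN;object=EXAMPLE_KEY_LABEL;type=private";
    }
}
```

Run nginx -t after editing the file: if the engine or the token cannot be reached, the key fails to load and the configuration test reports the error before any reload takes effect.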
This guide shows you how to perform the following tasks:
- Install Futurex PKCS #11.
- Configure the KMES Series 3.
- Edit the Futurex PKCS #11 configuration file.
- Install and configure the OpenSSL engine.
- Configure the Nginx Server.
The following sections show you how to perform these tasks.