Install and configure the OpenSSL engine

This section covers the installation and configuration of libp11, OpenSC, and the PKCS11 engine plugin for the OpenSSL library. The following list provides an overview of these three libraries:

| Library | Description |
| --- | --- |
| libp11 | Provides a higher-level (compared to the PKCS #11 library) interface to access PKCS #11 objects. It integrates with applications that use OpenSSL. |
| OpenSC | Provides a set of libraries and utilities to work with smart cards. It focuses on cards that support cryptographic operations and facilitates their use in security applications such as authentication, mail encryption, and digital signatures. |
| PKCS11 engine plugin | Engine plugin for the OpenSSL library that allows accessing PKCS #11 modules in a semi-transparent way. |

Install libp11 and OpenSC

Select your operating system to install these libraries:

Ubuntu/Debian
Red Hat/CentOS
1. In a terminal, run the following commands to install libp11 and OpenSC:

Shell


Edit the OpenSSL configuration file

Select your operating system and perform the following instructions to edit the OpenSSL configuration file:

Ubuntu 18
CentOS 8
1. To confirm the location of the pkcs11.so file on your system, run the following command in a terminal as root:

Shell


After you confirm the location, proceed with the following instructions to edit the OpenSSL configuration file.

2. Run the following command to determine the location of the OpenSSL configuration file for the logged-in user:

Shell


If you prefer to edit your global OpenSSL configuration file, its location is usually /etc/ssl/openssl.cnf.

3. In a text editor, open the openssl.cnf file inside the OpenSSL directory reported by the previous command.

4. Put the following line at the top of the file, before any sections are defined:

Text

5. Put the following text at the bottom of the file:

MODULE_PATH is the location of the Futurex PKCS #11 module installed on your system.

PIN is the password of the identity created on the KMES Series 3 for your specific integration.

Text
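
A check to run once the edits in steps 4 and 5 are in place, as an added example that is not Futurex or OpenSSL project code: it confirms that openssl_conf is set before the first section, that MODULE_PATH points at an existing file, and that a file holding PIN is not readable by group or other. The sample configuration follows the common libp11 layout; its section names, module path and PIN are assumptions, not values from this page.

```shell
#!/bin/sh
# Added example (not vendor code): lint an openssl.cnf after the edits above.
# Prints one line per finding; returns 0 only when there are none.
check_engine_conf() {
    conf=$1; bad=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    # openssl_conf is looked up in the default (unnamed) section, so it
    # has to appear before the first [section] header.
    awk '/^[ \t]*\[/ { exit }
         /^[ \t]*openssl_conf[ \t]*=/ { ok = 1; exit }
         END { exit !ok }' "$conf" ||
        { echo "openssl_conf is not set before the first [section]"; bad=1; }

    # MODULE_PATH must name a PKCS #11 module that exists on this host.
    mod=$(awk '/^[ \t]*MODULE_PATH[ \t]*=/ {
        sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }' "$conf")
    if [ -z "$mod" ]; then echo "MODULE_PATH is missing"; bad=1
    elif [ ! -f "$mod" ]; then echo "MODULE_PATH not found: $mod"; bad=1
    fi

    # The PIN sits in the file in clear text, so the file should not be
    # readable by group or other (columns 5 and 8 of the ls mode string).
    if grep -Eq '^[[:space:]]*PIN[[:space:]]*=' "$conf"; then
        case $(ls -Lld "$conf" | cut -c5,8) in
            --) ;;
            *) echo "PIN present but $conf is group/world readable"; bad=1 ;;
        esac
    else
        echo "PIN is missing"; bad=1
    fi
    return "$bad"
}

# Constructed sample in the usual libp11 engine layout. Section names,
# module path and PIN are placeholders, not values from this page.
write_sample_conf() {   # $1 = output file, $2 = module path
    cat > "$1" <<EOF
openssl_conf = openssl_init
[openssl_init]
engines = engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
MODULE_PATH = $2
PIN = constructed-pin
EOF
}
```

The global /etc/ssl/openssl.cnf is normally world-readable, so this check flags a PIN placed there; the per-user file from step 2 can be restricted to its owner.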