Data protection
Nginx
Install and configure the OpenSSL engine
9min
this section covers the installation and configuration of libp11 , opensc, and the pkcs11 engine plugin for the openssl library the following list provides an overview of these three libraries library description libp11 provides a higher level (compared to the pkcs #11 library) interface to access pkcs #11 objects it integrates with applications that use openssl opensc provides a set of libraries and utilities to work with smart cards it focuses on cards that support cryptographic operations and facilitates their use in security applications such as authentication, mail encryption, and digital signatures pkcs11 engine plugin engine plugin for the openssl library that allows accessing pkcs #11 modules semi transparently install libp11 and opensc select your operating system to install these libraries ubuntu or debian in a terminal, run the following commands to install libp11 and opensc on ubuntu or debian sudo apt update sudo apt install libengine pkcs11 openssl sudo apt install opensc red hat or centos in a terminal, run the following commands to install libp11 and opensc on red hat or centos sudo yum check update sudo yum install openssl pkcs11 sudo yum install opensc edit the openssl configuration file select your operating system and perform the following instructions to edit the openssl configuration file ubuntu 18 perform the following steps to edit the openssl configuration file on ubuntu 18 to confirm the location of the pkcs11 so file on your system, run the following command in a terminal as root find / name "pkcs11 so" after you confirm the location, proceed with the following instructions to edit the openssl configuration file run the following command to determine the location of the openssl configuration file for the logged in user openssl version d if you prefer to edit your global openssl configuration file, its location is usually /etc/ssl/openssl cnf open the openssl cnf file in a text editor this file is inside the openssl directory determined from the previous command put the following line at the top of the file, before any sections are defined openssl conf = openssl init put the following text at the bottom of the file module path is the location of the {{futurex}} pkcs #11 module installed on your system pin is the password of the identity created on the {{k3}} for your specific integration \[openssl init] engines=engine section \[engine section] pkcs11 = pkcs11 section \[pkcs11 section] engine id = pkcs11 dynamic path = /usr/lib/x86 64 linux gnu/engines 1 1/pkcs11 so module path = /usr/local/bin/fxpkcs11/libfxpkcs11 so pin = "safest" init = 0 centos 8 perform the following steps to edit the openssl configuration file on centos 8 to confirm the location of the pkcs11 so file on your system, run the following command in a terminal as root find / name "pkcs11 so" after you confirm the location, proceed with the following instructions to edit the openssl configuration file run the following command to determine the location of the openssl configuration file for the logged in user openssl version d if you prefer to edit your global openssl configuration file, its location is usually /etc/ssl/openssl cnf open the openssl cnf file in a text editor find this file in the openssl directory determined from the previous command put the following line at the top of the file, before any sections are defined openssl conf = openssl init put the following text at the bottom of the file module path is the location of the {{futurex}} pkcs #11 module installed on your system pin is the password of the identity created on the {{k3}} for your specific integration \[openssl init] engines=engine section \[engine section] pkcs11 = pkcs11 section \[pkcs11 section] engine id = pkcs11 dynamic path = /usr/lib64/engines 1 1/pkcs11 so module path = /usr/local/bin/fxpkcs11/libfxpkcs11 so pin = "safest" init = 0