Latest revision as of 13:06, 8 April 2015
Setting up server applications to use caml-crush-softhsm
For information on how to set up caml-crush-softhsm, see README.fedora (http://pkgs.fedoraproject.org/cgit/caml-crush.git/tree/README.fedora). The rest of this section discusses how to configure specific daemons for caml-crush.
mod_nss
Follow the instructions in the caml-crush wiki about mod_nss (https://github.com/ANSSI-FR/caml-crush/wiki/mod_nss). Remember to use /usr/lib64/pkcs11/libp11clientsofthsm.so as the PKCS #11 module for the token.
lighttpd2
The minimum configuration file for lighttpd2 should contain the following.
module_load [
  "mod_gnutls",
];

gnutls (
  "priority" => "NORMAL:%SERVER_PRECEDENCE",
  "listen" => "0.0.0.0:443",
  "listen" => "[::]:443",
  "pin" => "XXXX",
  "pemfile" => (
    "key" => "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken;type=private",
    "cert" => "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken;type=cert"
  )
)
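The exact PKCS #11 URLs can be seen using the following command. Quote the URL so that the shell does not treat its semicolons as command separators.
p11tool --list-all --login 'pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken'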
Before running, ensure that the user lighttpd2 runs as is in the pkcs11proxy group.
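The following is an added example, not part of the original page or of caml-crush or lighttpd2: a small parser for the PKCS #11 URLs used in the pemfile setting above, which percent-decodes the attributes and checks that the key and cert URLs select the right object types on the same token. The function names and the choice of attributes compared are assumptions made for illustration.

```python
from urllib.parse import unquote

# Path attributes that identify the token itself (RFC 7512).
TOKEN_ATTRS = ("model", "manufacturer", "token", "serial")

def parse_pkcs11_uri(uri):
    """Split a PKCS #11 URI into decoded (path, query) attribute dicts."""
    scheme, sep, rest = uri.partition(":")
    if scheme != "pkcs11" or not sep:
        raise ValueError("not a pkcs11: URI: %r" % uri)
    path, _, query = rest.partition("?")

    def attrs(text, delim):
        out = {}
        for item in filter(None, text.split(delim)):
            name, eq, value = item.partition("=")
            if not eq or name in out:
                raise ValueError("malformed or duplicate attribute: %r" % item)
            out[name] = unquote(value)  # "SoftHSM%20v2" -> "SoftHSM v2"
        return out

    return attrs(path, ";"), attrs(query, "&")

def check_pemfile_pair(key_uri, cert_uri):
    """Return a list of problems with a key/cert URI pair (empty if none)."""
    key, _ = parse_pkcs11_uri(key_uri)
    cert, _ = parse_pkcs11_uri(cert_uri)
    problems = []
    if key.get("type") != "private":
        problems.append("key URI does not select type=private")
    if cert.get("type") != "cert":
        problems.append("cert URI does not select type=cert")
    for name in TOKEN_ATTRS:
        if key.get(name) != cert.get(name):
            problems.append("key and cert differ on %s: %r vs %r"
                            % (name, key.get(name), cert.get(name)))
    return problems

# URLs copied from the lighttpd2 configuration on this page.
KEY = "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken;type=private"
CERT = "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken;type=cert"

if __name__ == "__main__":
    print(parse_pkcs11_uri(KEY)[0])
    print(check_pemfile_pair(KEY, CERT) or "pair is consistent")
```

Run it against the URLs that p11tool prints for your own token before pasting them into the configuration.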