From Fedora Project Wiki
Line 14: | Line 14: | ||
"listen" => "0.0.0.0:443", | "listen" => "0.0.0.0:443", | ||
"listen" => "[::]:443", | "listen" => "[::]:443", | ||
"pin" => " | "pin" => "XXXX", | ||
"pemfile" => ( | "pemfile" => ( |
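Review bot: on the changed "pin" line, the new value "XXXX" reads as a literal PIN; the page should say it is a placeholder for the token's user PIN. Because the PIN now sits in the configuration file in clear text, it is also worth stating that the file should not be world-readable.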
Revision as of 14:43, 2 April 2015
Setting up server applications to use caml-crush-softhsm
For information on how to set up caml-crush-softhsm click here. The rest of this section discusses how to configure specific daemons for caml-crush.
lighttpd2
The minimum configuration file for lighttpd2 should contain the following.
module_load [ "mod_gnutls", ];
gnutls (
    "priority" => "NORMAL:%SERVER_PRECEDENCE",
    "listen" => "0.0.0.0:443",
    "listen" => "[::]:443",
    "pin" => "XXXX",
    "pemfile" => (
        "key" => "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken;type=private",
        "cert" => "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken;type=cert"
    )
)
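The exact PKCS #11 URLs can be listed with the following command. The URL must be quoted, because the shell would otherwise treat each ";" as a command separator.
p11tool --list-all --login "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken"
Before starting lighttpd2, ensure that the user it runs as is in the pkcs11proxy group.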
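The following pre-flight check is an added example, not part of the original wiki page: it verifies that the "key" and "cert" URLs from the pemfile block have the expected types and name the same token, and that the service user is in the pkcs11proxy group. The function names are illustrative and the service user name "lighttpd" is an assumption; substitute the account lighttpd2 actually runs as.

```shell
#!/bin/sh
# Added example: static pre-flight checks for the lighttpd2 configuration above.

# Print the raw (still percent-encoded) value of attribute $2 in PKCS #11 URL $1.
# Returns 1 if $1 is not a pkcs11: URL or does not carry that attribute.
p11_attr() (
    case $1 in pkcs11:*) ;; *) exit 1 ;; esac
    body=${1#pkcs11:}
    body=${body%%\?*}            # ignore any query part after '?'
    set -f; IFS=';'              # split the path into name=value pairs
    for pair in $body; do
        [ "${pair%%=*}" = "$2" ] && { printf '%s\n' "${pair#*=}"; exit 0; }
    done
    exit 1
)

# Check a key/cert pair as used in "pemfile": the key must be type=private,
# the cert type=cert, and both must name the same token.
# Prints one line per problem; the exit status is the number of problems.
check_pemfile() (
    n=0
    [ "$(p11_attr "$1" type)" = private ] ||
        { echo "key URL is not type=private"; n=$((n+1)); }
    [ "$(p11_attr "$2" type)" = cert ] ||
        { echo "cert URL is not type=cert"; n=$((n+1)); }
    ktok=$(p11_attr "$1" token) && [ "$ktok" = "$(p11_attr "$2" token)" ] ||
        { echo "key and cert URLs name different tokens"; n=$((n+1)); }
    exit "$n"
)

# Succeeds only if user $1 exists and is a member of group $2.
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$2"
}

# URLs copied from the configuration above; "lighttpd" is an assumed user name.
KEY='pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken;type=private'
CERT='pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken;type=cert'

if check_pemfile "$KEY" "$CERT"; then echo "pemfile URLs: consistent"; fi
if user_in_group lighttpd pkcs11proxy; then
    echo "group: lighttpd is in pkcs11proxy"
else
    echo "group: lighttpd is missing from pkcs11proxy (or does not exist)"
fi
```

These checks are static; whether the objects actually exist on the token is still confirmed with the p11tool command shown above.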