To make OpenSSL work with the PKCS#11 engine, the configuration file of OpenSSL has to be modified. The configuration file location can be determined using this command:
The directory printed by the previous command should contain the OpenSSL configuration file, usually called openssl.cfg. Some items need to be added to this file; see https://github.com/OpenSC/libp11#pkcs-11-module-configuration . At the beginning of the file, add this line before any other section:
openssl_conf = openssl_init
Add these lines at the bottom of the file:
[openssl_init]
engines=engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so
MODULE_PATH = /usr/lib/libcs_pkcs11_R3.so
init = 0
The default path where the engines for OpenSSL are located (used for dynamic_path) can be found with this command:
For Red Hat-based distributions the dynamic path is usually this: /usr/lib/ssl/engines/libpkcs11.so
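
An added example, not part of the original page or of libp11: a small Python check that follows the chain this configuration sets up (openssl_conf, then engines, then the pkcs11 section) and reports a broken link such as a misspelled section name. The sample text is constructed from the lines above; treating engine_id, dynamic_path and MODULE_PATH as required, and comparing dynamic_path with the ENGINESDIR value printed by `openssl version -e`, are assumptions of this example.

```python
import posixpath

# Constructed sample: the configuration lines from this page.
SAMPLE = """\
openssl_conf = openssl_init
[openssl_init]
engines=engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so
MODULE_PATH = /usr/lib/libcs_pkcs11_R3.so
init = 0
"""

def parse_conf(text):
    """Minimal reader: {section: {key: value}}; '' holds keys before any section."""
    conf, section = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[section][key] = value
    return conf

def check_pkcs11(text, engines_dir=None):
    """Follow openssl_conf -> engines -> per-engine section; return problems found."""
    conf = parse_conf(text)
    init = conf[""].get("openssl_conf")
    if init not in conf:
        return [f"openssl_conf = {init!r} names no section (must precede all sections)"]
    engines = conf[init].get("engines")
    if engines not in conf:
        return [f"[{init}] engines = {engines!r} names no section"]
    problems = []
    for name, sect in conf[engines].items():
        body = conf.get(sect, {})
        problems += [f"[{sect}] lacks {k}" for k in ("engine_id", "dynamic_path", "MODULE_PATH") if not body.get(k)]
        path = body.get("dynamic_path", "")
        # engines_dir: assumed to be the ENGINESDIR value from `openssl version -e`
        if engines_dir and path and posixpath.dirname(path) != engines_dir:
            problems.append(f"{name}: dynamic_path is outside {engines_dir}")
    return problems

if __name__ == "__main__":
    print(check_pkcs11(SAMPLE, "/usr/lib/x86_64-linux-gnu/engines-1.1"))
```

An empty list means every link in the chain resolves; the check reads only the text and does not load the engine or the PKCS#11 module.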