Edit the configuration file for OpenSSL. The path of the configuration file can be found with this command:
$openssl version -d
For Ubuntu, the configuration file is: /etc/ssl/openssl.cfg
Add this line at the beginning of the file, before any section starts:
openssl_conf = openssl_init
Add the following lines at the end of the file:
[openssl_init]
engines=engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/cs_pkcs11.so
MODULE_PATH = /usr/lib/libcs_pkcs11_R3.so
init = 0
For the dynamic_path, use the engine path and the engine file used when the cs_pkcs11.so engine was installed.
For Red Hat-based distributions, the dynamic path is this: /usr/lib/ssl/engines/cs_pkcs11.so