I have a working OpenSSL RSA engine (i.e. a .so
file) and an Apache server configured in SSL mode.
How can I make Apache use RSA implementation from my RSA engine? In other words: Where do I put the engine (.so
file), how do I modify the openssl.cnf
file and how do I build the Apache?
Steps that worked for me:
1.Install OpenSSL from sources, specifying -DOPENSSL_LOAD_CONF
when running ./config
1.1.Create/build your OpenSSL engine and add it to your openssl.cnf
file
2.Install httpd from sources, using these commands:
CFLAGS='-DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF' ./configure --enable-ssl --with-ssl=/usr/local/ssl --with-pcre=/usr/local/pcre --enable-so
make
make install
2.1.Edit httpd-ssl.conf
by adding SSLCryptoDevice engine_id
and make sure that when execute $ openssl engine
, the engine_id
specifier appears on the list. Also, you have to create self-signed cerificate and private key, modify the httpd.conf
file, but this is not the subject of this question. Search: how to configure HTTPS on Apache.
3.$ httpd -k restart
and that is all.
EDIT
The place of .so
file (Openssl ENGINE) must be specified in openssl.cnf
.