apacheopensslmod-sslopenssl-engine

Configure Apache server to use specific OpenSSL Engine


I have a working OpenSSL RSA engine (i.e. a .so file) and an Apache server configured in SSL mode.
How can I make Apache use RSA implementation from my RSA engine? In other words: Where do I put the engine (.so file), how do I modify the openssl.cnf file and how do I build the Apache?


Solution

  • Steps that worked for me:

    1.Install OpenSSL from sources, specifying -DOPENSSL_LOAD_CONF when running ./config
    1.1.Create/build your OpenSSL engine and add it to your openssl.cnf file
    2.Install httpd from sources, using these commands:

    CFLAGS='-DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF' ./configure --enable-ssl --with-ssl=/usr/local/ssl --with-pcre=/usr/local/pcre --enable-so      
    make       
    make install
    

    2.1.Edit httpd-ssl.conf by adding SSLCryptoDevice engine_id and make sure that when execute $ openssl engine, the engine_id specifier appears on the list. Also, you have to create self-signed cerificate and private key, modify the httpd.conf file, but this is not the subject of this question. Search: how to configure HTTPS on Apache.
    3.$ httpd -k restart and that is all.

    EDIT
    The place of .so file (Openssl ENGINE) must be specified in openssl.cnf.