From Fedora Project Wiki
 
Latest revision as of 13:06, 8 April 2015

Setting up server applications to use caml-crush-softhsm

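For information on how to set up caml-crush-softhsm, see README.fedora in the Fedora caml-crush package (http://pkgs.fedoraproject.org/cgit/caml-crush.git/tree/README.fedora). The rest of this section discusses how to configure specific daemons for caml-crush.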

mod_nss

Follow the instructions in the caml-crush wiki about mod_nss (https://github.com/ANSSI-FR/caml-crush/wiki/mod_nss). Remember to use /usr/lib64/pkcs11/libp11clientsofthsm.so as the token.

lighttpd2

A minimal configuration file for lighttpd2 should contain the following.

    module_load [
        "mod_gnutls",
    ];

    gnutls (
        "priority" => "NORMAL:%SERVER_PRECEDENCE",
        "listen" => "0.0.0.0:443",
        "listen" => "[::]:443",
        "pin" => "XXXX",

        "pemfile" => (
            "key" => "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken;type=private",
            "cert" => "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken;type=cert"
        )
    )

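The exact PKCS #11 URLs can be listed with the following command. The URL is quoted so that the shell does not treat the semicolons as command separators.

    p11tool --list-all --login "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken"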

Before running lighttpd2, ensure that the user it runs as is in the pkcs11proxy group.
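
The following shell functions are an added example, not part of the wiki page or of the caml-crush project. They check a lighttpd2 configuration like the one above: the key and cert URLs must have the right type and name the same token, the service user must be in pkcs11proxy, and the file must not be world-readable because it holds the PIN. The configuration path, the user name and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight checks for the lighttpd2 + caml-crush setup.
# The config path and service user passed to preflight are assumptions.

# conf_url FILE NAME: print the PKCS #11 URL assigned to "key" or "cert".
conf_url() {
    sed -n 's/^[[:space:]]*"'"$2"'"[[:space:]]*=>[[:space:]]*"\(pkcs11:[^"]*\)".*/\1/p' "$1" | head -n 1
}

# url_attr URL NAME: print the raw (still percent-encoded) value of one attribute.
url_attr() {
    printf '%s\n' "${1#pkcs11:}" | tr ';' '\n' | sed -n "s/^$2=//p"
}

# same_token URL1 URL2: succeed if both URLs identify the same token.
same_token() {
    for a in model manufacturer token; do
        [ "$(url_attr "$1" "$a")" = "$(url_attr "$2" "$a")" ] || return 1
    done
}

# has_group "GROUP LIST" GROUP: succeed if GROUP is in the space-separated list.
has_group() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# preflight FILE USER: print every problem found; non-zero status if any.
preflight() {
    rc=0
    key=$(conf_url "$1" key); cert=$(conf_url "$1" cert)
    [ "$(url_attr "$key" type)" = private ] || { echo "key URL is not type=private"; rc=1; }
    [ "$(url_attr "$cert" type)" = cert ] || { echo "cert URL is not type=cert"; rc=1; }
    same_token "$key" "$cert" || { echo "key and cert are on different tokens"; rc=1; }
    has_group "$(id -nG "$2" 2>/dev/null)" pkcs11proxy ||
        { echo "user $2 is not in group pkcs11proxy"; rc=1; }
    # The file holds the token PIN in clear text, so it must not be world-readable.
    [ -z "$(find "$1" -prune -perm -004 2>/dev/null)" ] ||
        { echo "$1 is world-readable but contains the PIN"; rc=1; }
    return $rc
}

# Run as: sh preflight.sh CONFIG_FILE SERVICE_USER
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```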