------- Comment From <email address hidden> 2024-03-07 02:42 EDT-------
You can also try with Opencryptoki instead of SoftHSM. Opencryptoki provides a soft token, wich also can be used on non-s390x platforms. Please make sure you use Opencryptoki 3.23.0. This release should be in 24.04 anyway.
Note: I would NOT recommend to use 'openssl -provider xxxx', but configure the provider in the OpenSSL config file (needed anyway), and thus have the provider loaded automatically. When using 'openssl -provider xxxx' it might happen that algos that are not provided by the specified provider are not available. You really want to use the PKCS#11 provider ONLY for operations with the signing key, but not for anything else.
------- Comment From <email address hidden> 2024-03-07 02:42 EDT-------
You can also try with Opencryptoki instead of SoftHSM. Opencryptoki provides a soft token, wich also can be used on non-s390x platforms. Please make sure you use Opencryptoki 3.23.0. This release should be in 24.04 anyway.
Regarding the pkcs11- sign-provider: Did you upgrade it to the 1.0.1 release? /github. com/opencryptok i/openssl- pkcs11- sign-provider/ releases/ tag/v1. 0.1
https:/
This includes some important fixes regarding fork support (required for Apache).
Note: I would NOT recommend to use 'openssl -provider xxxx', but configure the provider in the OpenSSL config file (needed anyway), and thus have the provider loaded automatically. When using 'openssl -provider xxxx' it might happen that algos that are not provided by the specified provider are not available. You really want to use the PKCS#11 provider ONLY for operations with the signing key, but not for anything else.
Can the s390x package from https:/ /launchpad. net/~ahasenack/ +archive/ ubuntu/ apache2- modssl- provider- support/ be installed on a 23.10 as well? If so, I can give it a try myself, too.