Ubuntu
apache2 package

  1. Bug #2050017
  2. Comment #25

Comment 25 for bug 2050017

Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2024-03-07 02:42 EDT-------
You can also try with Opencryptoki instead of SoftHSM. Opencryptoki provides a soft token, wich also can be used on non-s390x platforms. Please make sure you use Opencryptoki 3.23.0. This release should be in 24.04 anyway.

Regarding the pkcs11-sign-provider: Did you upgrade it to the 1.0.1 release?
https://github.com/opencryptoki/openssl-pkcs11-sign-provider/releases/tag/v1.0.1
This includes some important fixes regarding fork support (required for Apache).

Note: I would NOT recommend to use 'openssl -provider xxxx', but configure the provider in the OpenSSL config file (needed anyway), and thus have the provider loaded automatically. When using 'openssl -provider xxxx' it might happen that algos that are not provided by the specified provider are not available. You really want to use the PKCS#11 provider ONLY for operations with the signing key, but not for anything else.

Can the s390x package from https://launchpad.net/~ahasenack/+archive/ubuntu/apache2-modssl-provider-support/ be installed on a 23.10 as well? If so, I can give it a try myself, too.