> Regarding the pkcs11-sign-provider: Did you upgrade it to the 1.0.1 release?
Yes, I was using 1.0.1 from noble:
openssl-pkcs11-sign-provider 1.0.1-0ubuntu1
And pkcs11-provider 0.3-1.
> Note: I would NOT recommend to use 'openssl -provider xxxx', but configure the provider in the OpenSSL
> config file
It's what I did. openssl list -providers works without further options, indicating the system-wide openssl config file is loading the module:
$ openssl list -providers
Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.10
    status: active
  pkcs11sign
    name: PKCS11 signing key provider
    version: 1.0.1
    status: active
I think Apache is not even trying, or not able, to load the private key from softhsm2. When I start it in the foreground with -X, it doesn't prompt for the PIN. And it doesn't change if I give the pin-value in the pkcs11 URI or not. More investigation/testing is needed. This setup is somewhat complex, involving multiple libraries from different source packages; it's quite possible I did something wrong.