On Wed, 2014-02-26 at 00:55 +0000, Michael McNally wrote: > A new compile-time option, "configure --enable-native-pkcs11", > allows the BIND 9 cryptography functions to use the PKCS#11 API > natively, so that BIND can drive a cryptographic hardware service > module (HSM) directly instead of using a modified OpenSSL as an > intermediary. This has been tested with the Thales nShield HSM > and with SoftHSMv2 from the OpenDNSSEC project. [RT #29031]
Has anyone tried this yet? - either using SoftHSM or a Thales HSM? I have access to a totally unconfigured Thales netShield Connect 500. Without reading *all* the manuals - anyone have a HowTo setup to make one of these beasties talk PKCS#11... a Goto page XX is acceptable.. -- . . ___. .__ Posix Systems - (South) Africa /| /| / /__ m...@posix.co.za - Mark J Elkins, Cisco CCIE / |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496 _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users