Hi Peter,

Thank you for the quick response.

cheers alex

Alex Apostolopoulos
_______________________________________________________
WebTechnology & Smart Card Solutions

Secartis AG-eSolutions by Giesecke & Devrient
Bretonischer Ring 3, D-85630 Grasbrunn, Germany

Phone: +49(0)89 4119-7086, Fax: +49(0)89 4119-7403
Email: [EMAIL PROTECTED], Home: www.secartis.com
_______________________________________________________
From: "Peter Viertel" <peter.viertel@itaction.co.uk>
Sent by: owner-modssl-users@modssl.org
Date: 22.04.2002 19:15
Please reply to: modssl-users
To: [EMAIL PROTECTED]
Cc:
Subject: Re: encipher box

Yes, I've done it a few times with apache 1.3 on Solaris, still mucking
around with apache 2 though.

what you need is:

a) the nCipher software for the o/s - these are binary only and will set
up a daemon called hardserver, and another package that installs the
CHIL library. If they don't have packages for your o/s you are screwed.

b) get/compile openssl-engine not the standard openssl.

c) test openssl: on a sun it goes like this:

# LD_LIBRARY_PATH=/usr/lib:/opt/nfast/toolkits/hwcrhk
# export LD_LIBRARY_PATH
# openssl speed -engine chil

d) now you have openssl talking nCipher ok, you need to recompile
mod_ssl to use openssl-engine... use apache 1.3.24, and configure with
SSL_EXPERIMENTAL option (without this, you can't get it to use nCipher).

e) check you built httpd right:

# LD_LIBRARY_PATH=/usr/lib:/opt/nfast/toolkits/hwcrhk
# export LD_LIBRARY_PATH
# httpd -L | grep SSLCryptoDevice

f) add the following line to httpd.conf:

SSLCryptoDevice chil

Note this shows you how to get any nCipher to provide hardware
acceleration, I think the stuff about getting apache to use keys stored
in an nForce HSM is another topic altogether, and best left off-list
unless enough people want to hear the gory details...

Regards,

PeterV.


[EMAIL PROTECTED] wrote:

>Hi,
>
>does anybody have any experience, links or hints on how to connect mod_ssl and
>encipher boxes?
>
>
>As I am new to this list I am not sure if this is the right place to ask this
>question.
>
>cheers Alex Apostolopoulos
>_______________________________________________________
>WebTechnology & Smart Card Solutions
>
>Secartis AG-eSolutions by Giesecke & Devrient
>Bretonischer Ring 3, D-85630 Grasbrunn, Germany
>
>Phone: +49(0)89 4119-7086, Fax: +49(0)89 4119-7403
>Email: [EMAIL PROTECTED], Home: www.secartis.com
>_______________________________________________________
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      [EMAIL PROTECTED]
>Automated List Manager                            [EMAIL PROTECTED]
>
>
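A preflight check for steps c), e) and f) of the procedure above, as an added example that is not part of the original thread or of mod_ssl. The function names and the sample httpd.conf fragment are constructed; the library path is the one from the message, and the VirtualHost check assumes the directive belongs at global scope, as the Apache mod_ssl documentation lists its context as "server config".

```shell
#!/bin/sh
# Added example: checks for steps c), e) and f). Function names are hypothetical.
CHIL_DIR=/opt/nfast/toolkits/hwcrhk   # path taken from the message

# Steps c/e: is the CHIL library directory on the given LD_LIBRARY_PATH value?
chil_on_path() {
    case ":$1:" in
        *":$CHIL_DIR:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Step e: does the output of `httpd -L` (read on stdin) list the directive?
# If not, httpd was built without SSL_EXPERIMENTAL / openssl-engine.
has_directive() {
    grep -q 'SSLCryptoDevice'
}

# Step f: print the engine selected at global scope in a config read on stdin.
# Returns 1 if the directive is missing or commented out,
# 2 if it only appears inside a <VirtualHost> block.
configured_engine() {
    awk '
        /^[ \t]*#/ { next }                            # ignore comment lines
        tolower($1) ~ /^<virtualhost/   { depth++; next }
        tolower($1) ~ /^<\/virtualhost/ { depth--; next }
        tolower($1) == "sslcryptodevice" {
            if (depth > 0) { nested = 1 } else { engine = $2 }
        }
        END {
            if (engine != "") { print engine; exit 0 }
            exit (nested ? 2 : 1)
        }'
}

# Constructed sample httpd.conf fragment (not from the thread).
SAMPLE_CONF='# SSLCryptoDevice builtin
SSLCryptoDevice chil
<VirtualHost _default_:443>
SSLEngine on
</VirtualHost>'

engine=$(printf '%s\n' "$SAMPLE_CONF" | configured_engine)
echo "configured engine: $engine"
```

On a real host, feed the functions live data, for example `httpd -L | has_directive` and `configured_engine < httpd.conf`.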


