Hi Norman,

Apologies for giving the wrong context.

We want to store the private key in an HSM. Once we have a private key on the HSM, we can export a fake PEM private key file. This file does not contain the actual key data, but it allows the OpenSSL Dynamic Engine to identify the private key on the HSM. This fake private key can be used to create a certificate signing request (CSR) and sign the CSR to create the certificate.

We are looking for a way to configure Netty's SSLContext to be managed by OpenSSL so that the fake private key and generated certificate can be configured to interact with the HSM (via the OpenSSL Dynamic Engine). I am attaching a reference from the Amazon CloudHSM documentation for configuring this with NGINX or Apache:
https://docs.aws.amazon.com/cloudhsm/latest/userguide/ssl-offload-import-or-generate-private-key-and-certificate.html

Please let me know if you need any other inputs from my end.

Thanks
Akash

On Tuesday, 6 June, 2023 at 7:48:57 pm UTC+5:30 Norman Maurer wrote:
> Forgot to add CC…
>
> On 6. Jun 2023, at 16:17, Norman Maurer <[email protected]> wrote:
>
> Hi Akash,
>
> Can you point me to how you would do this with NGINX or Apache Server? I might miss something, but are you sure you need / want to do this with the certificates and not the “private key” that is used for key-signing?
>
> If we are talking about key-signing you could implement your own OpenSslPrivateKeyMethod and hook it into Netty. Here is a unit-test that demonstrates this:
>
> netty/OpenSslPrivateKeyMethodTest.java at 4.1 · netty/netty
> https://github.com/netty/netty/blob/4.1/handler/src/test/java/io/netty/handler/ssl/OpenSslPrivateKeyMethodTest.java
>
> Bye
> Norman
>
> On 6. Jun 2023, at 16:13, Akash Maharana <[email protected]> wrote:
>
> Hi Team
>
> I am currently working on the *Thales Network HSM integration*. Our application is built on top of the *Netty framework*. For establishing the *TLS* session we currently store the customer-uploaded certificates on the server and add them to Netty's SSL context through Java libraries. But to avoid any security glitch we want to put those certificates in an HSM and use this certificate for establishing the TLS session.
>
> I have tried multiple ways to achieve this but no luck. There are ways to do this with NGINX or Apache server, but for Netty it's hard to find.
>
> Please let me know if you have any leads to solve this use case or anything similar to this you have solved before.
>
> Waiting for your response. Any leads will be appreciated.
>
> Thanks
> Akash
>
> --
> You received this message because you are subscribed to the Google Groups "Netty discussions" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/d/msgid/netty/2854d657-1ec3-4228-84eb-5af93d823f2an%40googlegroups.com
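The key-signing hook Norman points to, written out as an added example (not code from this thread or from Netty's own test): the private key stays on the HSM, Netty's OpenSSL provider calls back into Java for each handshake signature, and the Java side signs through the SunPKCS11 provider, so no PEM key (fake or real) is needed on the server. It assumes a SunPKCS11 config file for the HSM vendor's PKCS#11 library (placeholder path), a key alias and PIN, and that the Netty version in use offers OpenSslX509KeyManagerFactory.newKeyless and OpenSslContextOption.PRIVATE_KEY_METHOD (4.1 API as I recall it; check against the exact version).

```java
import io.netty.handler.ssl.*;
import javax.net.ssl.SSLEngine;
import java.security.*;
import java.security.cert.X509Certificate;
import java.security.spec.*;
import java.util.Arrays;

// Routes TLS handshake signatures to a PKCS#11 token; the private key never leaves the HSM.
public final class HsmPrivateKeyMethod implements OpenSslPrivateKeyMethod {
    private final Provider pkcs11;
    private final PrivateKey keyHandle; // opaque token reference: getEncoded() returns null
    HsmPrivateKeyMethod(Provider p, PrivateKey k) { pkcs11 = p; keyHandle = k; }

    @Override
    public byte[] sign(SSLEngine engine, int signatureAlgorithm, byte[] input) throws Exception {
        // input is the to-be-signed handshake data, not a digest; hashing happens inside Signature.
        final Signature sig;
        if (signatureAlgorithm == SSL_SIGN_RSA_PKCS1_SHA256) {
            sig = Signature.getInstance("SHA256withRSA", pkcs11);
        } else if (signatureAlgorithm == SSL_SIGN_RSA_PSS_RSAE_SHA256) { // TLS 1.3 with RSA keys needs PSS
            sig = Signature.getInstance("RSASSA-PSS", pkcs11);
            sig.setParameter(new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1));
        } else if (signatureAlgorithm == SSL_SIGN_ECDSA_SECP256R1_SHA256) {
            sig = Signature.getInstance("SHA256withECDSA", pkcs11);
        } else {
            throw new UnsupportedOperationException("unmapped signature scheme " + signatureAlgorithm);
        }
        sig.initSign(keyHandle);
        sig.update(input);
        return sig.sign();
    }

    @Override
    public byte[] decrypt(SSLEngine engine, byte[] input) {
        // Only RSA key-transport suites need raw RSA decryption; keep the context on (EC)DHE suites.
        throw new UnsupportedOperationException("RSA key transport disabled; negotiate ECDHE suites");
    }

    // pkcs11Cfg: SunPKCS11 config file naming the HSM vendor's PKCS#11 library (placeholder path).
    static SslContext serverContext(String pkcs11Cfg, char[] pin, String alias) throws Exception {
        Provider p = Security.getProvider("SunPKCS11").configure(pkcs11Cfg);
        Security.addProvider(p);
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);
        PrivateKey handle = (PrivateKey) ks.getKey(alias, pin); // handle only, no key material
        var raw = ks.getCertificateChain(alias);
        X509Certificate[] chain = Arrays.copyOf(raw, raw.length, X509Certificate[].class);
        return SslContextBuilder.forServer(OpenSslX509KeyManagerFactory.newKeyless(chain))
                .sslProvider(SslProvider.OPENSSL)
                .option(OpenSslContextOption.PRIVATE_KEY_METHOD, new HsmPrivateKeyMethod(p, handle))
                .build();
    }
}
```

A scheme that sign() refuses fails the handshake rather than falling back, so the mapping has to cover every scheme the configured protocols can negotiate. Before relying on the PSS branch, confirm the token's PKCS#11 module supports CKM_RSA_PKCS_PSS.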
