Hi, To save me hours of Googling followed by hours of console bashing I thought perhaps someone here who's "been there, done that, got the T-shirt" can point me in the right direction.
So far I've got: • A USB HSM • OpenSC installed (from package) and working (i.e. no problems using pkcs11-tool / pkcs15-tool) But now I'm struggling with the main event. Creating an HSM-backed CA, so something along these lines :https://framkant.org/2018/04/smartcard-hsm-backed-openssl-ca/ <https://framkant.org/2018/04/smartcard-hsm-backed-openssl-ca/> >From the man pages it seems the bundled libressl has no PKCS11 support built >in. The OpenSC package seems to deliver "/usr/local/lib/pkcs11/opensc-pkcs11.so" (i.e. for openssl MODULE_PATH), but there's no sign of "pkcs11.so" (i.e. for openssl SO_PATH) anywhere on the system. If some kind soul could point me in the right direction as to what parts of the puzzle I'm missing, that would be much appreciated. Thanks ! Rachel