------- Comment From ifran...@de.ibm.com 2024-03-07 02:42 EDT------- You can also try with Opencryptoki instead of SoftHSM. Opencryptoki provides a soft token, wich also can be used on non-s390x platforms. Please make sure you use Opencryptoki 3.23.0. This release should be in 24.04 anyway.
Regarding the pkcs11-sign-provider: Did you upgrade it to the 1.0.1 release? https://github.com/opencryptoki/openssl-pkcs11-sign-provider/releases/tag/v1.0.1 This includes some important fixes regarding fork support (required for Apache). Note: I would NOT recommend to use 'openssl -provider xxxx', but configure the provider in the OpenSSL config file (needed anyway), and thus have the provider loaded automatically. When using 'openssl -provider xxxx' it might happen that algos that are not provided by the specified provider are not available. You really want to use the PKCS#11 provider ONLY for operations with the signing key, but not for anything else. Can the s390x package from https://launchpad.net/~ahasenack/+archive/ubuntu/apache2-modssl- provider-support/ be installed on a 23.10 as well? If so, I can give it a try myself, too. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2050017 Title: [FFe] [24.04 FEAT] [SEC2339] HSM protected signing support for Apache httpd for openSSL 3.0 with PKCS #11 provider To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2050017/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs