Home

Welcome to the Caml Crush wiki!

The wiki is to be provisioned with content that detail how to configure daemons and applications to isolate the sensitive cryptographic material from their memory space using PKCS#11 and Caml Crush.

Pre-requisite

Caml Crush is presumed installed on the server (either packaged or compiled), see doc.

We also assume, a software HSM is available on the system (be it SoftHSM, openCryptoKi, ...).

It will have to be operational (initialized) and provisioned with cryptographic material. For this purpose we recommend opkcs11-tool or OpenSC's pkcs11-tool.

Web Server scenarios

Apache

mod_nss

To Be Done

Web servers
- lighttpd2
- Apache mod_gnutls
- nginx
- strongswan
- bind DNSSEC
OSS PKI
- EJBCA
- SignServer
Apps
- apps linked with GnuTLS should mostly work using PKCS#11 URL
- apps using OpenSSL engine with "engine_pkcs11" (stunnel, and others)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Home

Welcome to the Caml Crush wiki!

Pre-requisite

Web Server scenarios

Apache

To Be Done

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally