<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Following up from today's call, Nginx is capable of using SSL
"engines", which is how you would integrate a PKCS#11 key.<br>
<br>
<a class="moz-txt-link-freetext" href="https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate_key">https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate_key</a>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<p style="text-align: justify; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: medium; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); text-decoration-style:
initial; text-decoration-color: initial;">> Specifies a<span
class="Apple-converted-space"> </span><code><i>file</i></code><span
class="Apple-converted-space"> </span>with the secret key in the
PEM format for the given virtual server.</p>
<p style="text-align: justify; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: medium; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); text-decoration-style:
initial; text-decoration-color: initial;">> The value<span
class="Apple-converted-space"> </span><code>engine</code>:<code><i>name</i></code>:<code><i>id</i></code><span
class="Apple-converted-space"> </span>can be specified instead
of the<span class="Apple-converted-space"> </span><code><i>file</i></code><span
class="Apple-converted-space"> </span>(1.7.9), which loads a
secret key with a specified<span class="Apple-converted-space"> </span><code><i>id</i></code><span
class="Apple-converted-space"> </span>from the OpenSSL engine<span
class="Apple-converted-space"> </span><code><i>name</i></code>.<br>
</p>
<p style="text-align: justify; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: medium; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); text-decoration-style:
initial; text-decoration-color: initial;">Note: I still don't
think Certbot should implement support for PKCS#11 at this time.<br>
</p>
</body>
</html>