I have installed OpenSSL 1.0.1f and created an Engine for RSA acceleration using GPU. The Engine is dynamic so it is known globally.
Then I have installed Apache $ sudo apt-get install apache2
, created self signed certificates in order to provide HTTPS services, modified the configuration files, etc.
These two parts work properly but separately, i.e. when I try to specify Apache to use the RSA engine (in OpenSSL 1.0.1f) it just fails with message:
* The apache2 configtest failed. Not doing anything.
Output of config test was:
AH00526: Syntax error on line 3 of /etc/apache2/sites-enabled/default-ssl.conf:
SSLCryptoDevice: Invalid argument; must be one of: 'builtin' (none), 'rsax' (RSAX engine support), 'dynamic' (Dynamic engine loading support)
So my questions:
Under Ubuntu 14.04 64-bit, is Apache using other version of OpenSSL then the version installed by me?
And how can I link the Apache with the OpenSSL in order to use that Engine?
Server version: Apache/2.4.7 (Ubuntu)
Server built: Jan 14 2016 17:45:23
And the dynamic engines are:
root@dani-pc:/etc/apache2# openssl engine
(rsax) RSAX engine support
(dynamic) Dynamic engine loading support
(rsagpu) RSA GPU engine support
So I added SSLCryptoDevice rsagpu
to /etc/apache2/sites-available/default-ssl.conf
file and it fails, but SSLCryptoDevice rsax
works great.
Best Answer
Steps that finally worked for me:
1.Install OpenSSL from sources, specifying
-DOPENSSL_LOAD_CONF
when running./config
1.1.Create/build your OpenSSL engine and add it to your
openssl.cnf
file2.Install httpd from sources, using these commands:
2.1.Edit
httpd-ssl.conf
by addingSSLCryptoDevice engine_id
and make sure that when execute$ openssl engine
, theengine_id
specifier appears on the list. Also, you have to create self-signed cerificate and private key, modify thehttpd.conf
file, but this is not the subject of this question. Search: how to configure HTTPS on Apache.3.
$ httpd -k restart
and that is all.