Bug 1668717

Summary: [RFE] Support loading certificates from hardware token (PKCS#11)
Product: Red Hat Enterprise Linux 8 Reporter: Branislav Náter <bnater>
Component: nginxAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA QA Contact: Jakub Heger <jheger>
Severity: unspecified Docs Contact: Lenka Špačková <lkuprova>
Priority: unspecified    
Version: 8.0CC: bperkins, jorton, lkuprova, lmanasko, luhliari, nmavrogi, pasik
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: 8.3   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
.`nginx` can now load server certificates from hardware security tokens through the PKCS#11 URI The `ssl_certificate` directive of the `nginx` web server supports loading TLS server certificates from hardware security tokens directly from PKCS#11 modules. Previously, it was impossible to load server certificates from hardware security tokens through the PKCS#11 URI.
Story Points: ---
Clone Of:
: 1955564 (view as bug list) Environment:
Last Closed: 2020-11-04 03:16:18 UTC Type: Enhancement
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1955564    

Description Branislav Náter 2019-01-23 12:03:19 UTC
Description of problem:
Related to BZ#1545526 - "nginx supports PKCS#11 according to system policy".

nginx now support loading private key from HW token but does not support loading certificate (httpd support loading both).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Comment 25 errata-xmlrpc 2020-11-04 03:16:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new module: nginx:1.18), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.