Bug 1668717 - [RFE] Support loading certificates from hardware token (PKCS#11)
Summary: [RFE] Support loading certificates from hardware token (PKCS#11)
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: nginx
Version: 8.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.3
Assignee: Luboš Uhliarik
QA Contact: Jakub Heger
Lenka Špačková
Depends On:
Blocks: 1955564
TreeView+ depends on / blocked
Reported: 2019-01-23 12:03 UTC by Branislav Náter
Modified: 2021-04-30 12:03 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
.`nginx` can now load server certificates from hardware security tokens through the PKCS#11 URI The `ssl_certificate` directive of the `nginx` web server supports loading TLS server certificates from hardware security tokens directly from PKCS#11 modules. Previously, it was impossible to load server certificates from hardware security tokens through the PKCS#11 URI.
Clone Of:
: 1955564 (view as bug list)
Last Closed: 2020-11-04 03:16:18 UTC
Type: Enhancement
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2020:4716 0 None None None 2020-11-04 03:16:21 UTC

Description Branislav Náter 2019-01-23 12:03:19 UTC
Description of problem:
Related to BZ#1545526 - "nginx supports PKCS#11 according to system policy".

nginx now support loading private key from HW token but does not support loading certificate (httpd support loading both).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Comment 25 errata-xmlrpc 2020-11-04 03:16:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new module: nginx:1.18), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.