OpenSSL PKCS#11 Support in BIND via engine_pkcs11
Ondřej Surý
ondrej at isc.org
Wed Jan 22 10:16:47 UTC 2020

Dear bind-users,

I wrote a wiki page describing how to integrate stock BIND 9 with PKCS#11
HSMs using the OpenSSL PKCS#11 engine (from the OpenSC project):

https://gitlab.isc.org/isc-projects/bind9/-/wikis/BIND-9-PKCS11

If you have ever worked with an HSM (and even better with BIND 9 and HSMs),
I would appreciate it if you could take a look, and perhaps try the method
and report back success / failure?

I understand that the PKCS#11 interface in BIND 9 isn’t very human
friendly, but most of it comes from the fact that PKCS#11 itself isn’t
human friendly. That said, we will look at how to improve the experience
of using HSMs with BIND 9, so don’t be afraid to file issues and feature
requests in the BIND 9 GitLab issue tracker: https://gitlab.isc.org/isc-projects/bind9/issues

Ondrej
--
Ondřej Surý
ondrej at isc.org