OpenSSL PKCS#11 Support in BIND via engine_pkcs11

Ondřej Surý ondrej at
Wed Jan 22 10:16:47 UTC 2020

Dear bind-users,

I wrote a wiki page describing how to integrate stock BIND 9 with PKCS#11
HSMs using OpenSSL PKCS#11 engine (from OpenSC project):

If you ever worked with HSM (and even better with BIND 9 and HSMs),
I would appreciate if you can take a look, and perhaps try the method
and report back success / failure?

I understand that the PKCS#11 interface in BIND 9 isn’t very human
friendly, but most of it comes from the fact that PKCS#11 itself isn’t
human friendly. That said, we will look how to improve the experience
of using HSMs with BIND 9, so don’t be afraid to fill issues and feature
requests in BIND 9 GitLab issue tracker:

Ondřej Surý
ondrej at

More information about the bind-users mailing list