On 25/05/18 21:26, Ant Ducker wrote:
> Hi all,
>
> I am interested in using an HSM (Hardware Security Module) to secure my
> certificate's private key when using Squid to perform SSL break.
>
> Does anyone have any experience in doing this, and if so, could you give
> me any pointers?

(NOTE: I have not done this myself, so this is just a "maybe" - if
anyone else has more direct knowledge for your situation go with that.)

If there is a password (or HSM token used as password?) needed for
access to the key file(s) you can configure a helper script in the
sslpassword_program directive to give Squid that password.

<http://www.squid-cache.org/Doc/config/sslpassword_program/>

AFAIK, this helper is a bit special in that it is expected only to
provide the password and exit. Other helpers must run constantly.

Also if the HSM requires any special way to access the keying material
other than password protection on the key file it is probably a matter
for the openssl config instead of Squid.

Amos
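
A sketch of the kind of one-shot helper the reply describes for sslpassword_program, added here as an example; it is not from the original post or from the Squid project. It assumes Squid passes the key file name as the first argument (as the directive's documentation describes) and that passphrases live one per file in a hypothetical directory named by `SQUID_PASS_DIR`.

```shell
#!/bin/sh
# Hypothetical passphrase helper for Squid's sslpassword_program directive.
# Assumptions (not from the original post): passphrases are stored one per
# file under $SQUID_PASS_DIR as <key file basename>.pass, and Squid passes
# the key file name as the first argument.

SQUID_PASS_DIR="${SQUID_PASS_DIR:-/etc/squid/keypass}"   # assumed location

passphrase_for_key() {
    keyfile=$1
    # Use only the basename so the argument cannot point outside the store.
    name=$(basename -- "$keyfile")
    passfile="$SQUID_PASS_DIR/$name.pass"

    # Require a regular file; symlinks are refused outright.
    if [ ! -f "$passfile" ] || [ -L "$passfile" ]; then
        echo "no passphrase file for $name" >&2
        return 1
    fi

    # Refuse a passphrase file with any group or other permission bits set.
    perms=$(ls -ld -- "$passfile" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $passfile: permissions too open" >&2
        return 1
    fi

    # Print the first line only, then return so the helper exits.
    head -n 1 -- "$passfile"
}

# Run only when given a key file argument; print the passphrase and exit.
if [ "$#" -gt 0 ]; then
    passphrase_for_key "$1"
fi
```

The script writes nothing but the passphrase to stdout and sends refusals to stderr, so a failed permission check leaves Squid without a passphrase instead of handing it one from a file other accounts could read.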