Skip to main content

Installation

This procedure provides a straightforward integration process, which has been tested. Please take notice that there may be other ways to achieve it. This guide assumes that you are familiar with the Primus HSM, Linux operating system installation and configuration procedures, OpenSSL configuration etc. and does not cover every step of the hardware and software setup process. The application note does not cover firewall nor SELinux configuration. The following installation and configuration description are based on Rocky Linux 8 and may slightly differ for other Linux distributions.

note

Versions of the Securosys PKCS#11 Provider before v2.1 were shipped including a version of OpenSSL and httpd. It is not recommended to use these versions anymore. Make sure that they are no longer part of the PATH or LD_LIBRARY_PATH variables. Use the following variable definitions instead:

export PRIMUS_HOME=/usr/local/primus
export PATH=$PRIMUS_HOME/bin:$PATH
export LD_LIBRARY_PATH=$PRIMUS_HOME/lib:$LD_LIBRARY_PATH

Install the packages for your distribution according to the prerequisites. On Rocky Linux 8 the opensc and p11-kit package are necessary for all scenarios.

sudo yum install opensc p11-kit

Depending on the use case additional packages need to be installed.

To use the p11-kit in combination with OpenSSL additionally install the openssl-pkcs11 package.

sudo yum install openssl-pkcs11

Ensure that the correct version of OpenSSL from your OS is used and not the one included in the Primus provider package with the following command:

openssl version
OpenSSL 1.1.1k  FIPS 25 Mar 2021