Commit 7f4092e9 authored by Vladimir Kiryakov's avatar Vladimir Kiryakov
Browse files

Added ref to OpenSSL Engine and certificate request example

parent 0fb612f8
......@@ -19,6 +19,11 @@ _Disclaimer: This guide based on A71CH OpenSSL Engine and OpenSSL example script
* [Snapcraft: Slots and plugs](https://snapcraft.io/docs/interface-management)
* [Snapcraft: interface type `content`](https://forum.snapcraft.io/t/the-content-interface/1074)
#### OpenSSL Docs
* [Introduction to OpenSSL Engine](https://www.openssl.org/blog/blog/2015/10/08/engine-building-lesson-1-a-minimum-useless-engine/)
## Components Overview
#### A71CH Host API usage example using A71CH Host API functions
......@@ -96,21 +101,23 @@ Assembled engine files located in the [jrcp_host/lib](jrcp_host/lib) folder.
#### Engine & client configuration
Client configuration via should be via ENV variable `OPENSSL_CONF`.
```
OPENSSL_CONF=/path/to/opensslA71CH.cnf
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/path/to/jrcp/lib
To use NXP A71CH via OpenSSL you should load OpenSSL Engine. Use the following environment variables to load Engine.
```bash
export JRCP_HOSTNAME=127.0.0.1
export JRCP_PORT=8050
export OPENSSL_CONF=$SNAP/certs/opensslA71CH.cnf
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$SNAP/jrcp/lib
```
You can find example of `opensslA71CH.cnf` [here](./opensslA71CH.cnf).
- `JRCP_HOSTNAME` and `JRCP_PORT` link to `rigado-hsm-server` snap. _You can target engine to specific JRCP server_
- `OPENSSL_CONF` env variable used by OpenSSL _You can find example of `opensslA71CH.cnf` [here](./opensslA71CH.cnf)._
- `OPENSSL_CONF` env variable used by OpenSSL
_Note: Some libraries can ignore `OPENSSL_CONF` and skip the loading of the engine. Please validate that your transport first._
You can target engine to specific JRCP server via `JRCP_HOSTNAME` and `JRCP_PORT` env.
The default configuration is:
```
JRCP_HOSTNAME=127.0.0.1
JRCP_PORT=8050
```
After configuring OpenSSL Engine we can generate keypair and certificate request. You can find example [here](https://git.rigado.com/cascade/rigado-hsm-server/blob/master/rootfs/bin/init_A71CH_openssl).
[Snaps Host API usage]: images/snaps.png "A71CH Host API Usage via Snaps on Cascade-500"
[A71CH Host API usage]: images/nxp.png "A71CH Host API usage example using A71CH Host API functions"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment