Skip to main content

Application Integration

OpenSSL

We recommend using the latest OpenSSL (with EC support) of your Linux distribution.

For OpenSSL version 3.0 and newer the pkcs11-provider bridges the gap between the OpenSSL API and the PKCS#11 API.

For OpenSSL versions prior to 3.0 the pkcs#11 integration is based on the p11-kit (PKCS#11 module handler). Therefore, consult the application note PrimusHSM_P11-Kit-Tool_AN-Enn.pdf, downloadable from the Securosys Support Portal.

In case you still want to use the OpenSSL version 1.0.2u (Linux only, deprecated), consult the application note PrimusAPI_P11-OpenSslApacheProv_AN-Enn.pdf, downloadable from the Securosys Support Portal.

Apache SSL

We recommend using the latest Apache/Nginx of your Linux distribution, based on the p11-kit (PKCS#11 module handler). Therefore, consult the application note PrimusHSM_P11-Kit-Tool_AN-Enn.pdf, downloadable from the Securosys Support Portal.

Note that the previously included Apache version v2.4.46 is no longer distributed nor supported.

In case you still want to use the Apache version 2.4.46 (Linux only, deprecated), consult the application note PrimusAPI_P11-OpenSslApacheProv_AN-Enn.pdf, downloadable from the Securosys Support Portal.

Oracle TDE

Oracle Databases use authentication, authorization, and auditing mechanisms to secure data in the database, but not in the operating system files where the data is stored. To protect those files, Oracle Databases provide transparent data encryption (TDE). This feature enables you to protect sensitive data in database columns or files stored in operating system files by encrypting it. Then, to prevent unauthorized decryption, it stores encryption keys in a security module external to the database. For details consult the application note PrimusAPI_P11-Oracle12_AN-Enn.pdf, downloadable from the Securosys Support Portal.

Further Applications

We are continuously testing further integrations with other applications, e.g.

  • Keyfactor / PrimeKey EJBCA Enterprise 8.x and newer, SignServer, and software appliances
  • EJBCA Community Edition 6.x, 7.x
  • Entrust Certificate Authority (Security Manager) 8.3 and newwer
  • Venafi Trust Protection Platform
  • WhiteRabbit OpenXPKI Enterprise
  • Versasec
  • CipherMail
  • OwnCloud
  • Nevis Security Solutions
  • PDF Tools Solutions
  • Fornetix VaultCore Encryption Management Solutions
  • HashiCorp Vault Enterprise
  • Securden Unified PAM
  • Fortinet FortiGate firewalls
  • And many more

Please check the Securosys Support Portal for specific application notes or contact Securosys sales for more information.