-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathConfiguring_Providers.txt
161 lines (93 loc) · 4.66 KB
/
Configuring_Providers.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
Notes for OpenSSL Video #13 | Configuring Providers
====================================================
>> Instructions on how to build OpenSSL 3.x from source | WINDOWS
-------------------------------------------------------------------
NOTE :- These instructions are for building 64 bit binaries. Process to build binaries for other architecture may be a bit different.
# Download and Install MSYS2 from https://www.msys2.org/. This program has everything required to build OpenSSL from source.
# Download and Copy openssl tarball into C:\msys64\home\%YOUR_USER_NAME%
# Launch "MSYS2 MINGW64" from Start Menu.
# Install mingw build tools using the command "pacman -S mingw-w64-x86_64-gcc make"
# Untar openssl tarball "tar xf openssl-3.x.x.tar.gz"
# Get into the extracted OpenSSL directory and configure the makefile using the command -> "./Configure mingw64 --prefix=C:/OpenSSL --openssldir=C:/OpenSSL enable-fips"
# execute "make".
# execute "make install". #SEE NOTES BELOW FOR OTHER MAKE INSTALL OPTIONS.
>> Instructions on how to build OpenSSL 3.x from source | Unix/Linux
----------------------------------------------------------------------
# Be sure your system already has gcc, make, and perl installed.
# Download OpenSSL tarball from openssl.org.
# Extract tarball using "tar xf openssl_tar_ball_name"
# Get into the extracted OpenSSL directory and configure the make file as follows.
./config --prefix=/opt/openssl --openssldir=/opt/openssl enable-fips ## you can choose your own prefered location.
# Start the build process by executing "make"
# Install the built binaries using "make install" #SEE NOTES BELOW FOR OTHER MAKE INSTALL OPTIONS.
MAKE OPTIONS
-------------
#INSTALL OPTIONS : -
make install ................ : Installs everything.
make install_sw ............. : Installs the executables, libraries and header files.
make install_fips ........... : Installs the fips module and configuration file.
make install_engines ........ : Installs OpenSSL engine libraries.
make install_docs ........... : Installs the complete manual for OpenSSL.
make install_man_docs ........ : Installs only man file.
make install_ssldirs ........ : Installs directory and files for SSL setup.
make install_dev ............ : Installs header files and libraries for software development.
make install_modules ........ : Installs only libraries.
make install_runtime ........ : Installs openssl program, libcrypto and libssl library.
make install_runtime_libs ... : Installs libcrypto and libssl.
make install_programs ....... : Installs openssl program, libcrypto and libssl library.
#UNINSTALL OPTIONS : -
make uninstall .............. : Removes everything.
make uninstall_sw ........... : Removes executables, libraries and header files.
make uninstall_docs ......... : Removes all documentation.
make uninstall_dev .......... : Removes all development files.
make uninstall_fips ......... : Removes fips module.
make uninstall_engine ....... : Removes engine libraries.
make uninstall_programs ..... : Removes the executable and libraries.
>> Configuring Providers in OpenSSL
------------------------------------
# Displays the list of all available providers.
openssl list -providers
# Check the path configured for OpenSSL using 'openssl version -a'.
# Go to your OPENSSLDIR path and edit openssl.cnf
# Search for [provider_sect] and add entry for the provider you want to use under it.
-> For LEGACY PROVIDER :
legacy = legacy_sect
-> For DEFAULT PROVIDER :
default = default_sect
-> For BASE PROVIDER :
base = base_sect
-> For NULL PROVIDER :
null = null_sect
-> For FIPS PROVIDER :
fips = fips_sect
# Write a new section for your provider as follows.
-> For LEGACY PROVIDER :
[legacy_sect]
activate = 1
-> For DEFAULT PROVIDER :
[default_sect]
activate = 1
-> FOR BASE PROVIDER :
[base_sect]
activate = 1
-> FOR NULL PROVIDER :
[null_sect]
activate = 1
>> Configuring FIPS Provider
-----------------------------
'/opt/openssl' is the location where openssl is installed.
# Generate and write FIPS module configuration
openssl fipsinstall -out /opt/openssl/fipsmodule.cnf -module /opt/openssl/lib64/ossl-module/fips.so
# Edit /opt/openssl/openssl.cnf to write the following entries.
> Uncomment the line '.include fipsmodule.cnf'.
> Add the location of fips configuration file as ".include /opt/openssl/fipsmodule.cnf"
> Add entry for BASE provider and FIPS module under [provider_sect]
[provider_sect]
base = base_sect
fips = fips_sect
> Write a new section for BASE provider
[base_sect]
activate = 1
> Write a new section for FIPS module.
[fips_sect]
activate = 1