[squid-users] Squid working with HSM

Amos Jeffries squid3 at treenet.co.nz
Sun May 27 06:36:08 UTC 2018


On 25/05/18 21:26, Ant Ducker wrote:
> Hi all,
> 
> I am interested in using an HSM (Hardware Security Module) to secure my
> certificate's private key when using Squid to perform SSL break.
> 
> Does anyone have any experience in doing this, and if so, could you give
> me any pointers?

( NOTE: I have not done this myself, so this is just a "maybe" - if
anyone else has more direct knowledge for your situation go with that. )


If there is a password (or HSM token used as password?) needed for
access to the key file(s) you can configure a helper script in the
sslpassword_program directive to give Squid that password.
 <http://www.squid-cache.org/Doc/config/sslpassword_program/>

AFAIK, this helper is a bit special in that it is expected only to
provide the password and exit. Other helpers must run constantly.

Also, if the HSM requires any special way to access the keying material
other than password protection on the key file, it is probably a matter for
the openssl config instead of Squid.

Amos
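
The following is an added example, not part of the original message and not Squid project code: a one-shot helper of the kind sslpassword_program expects, which prints the passphrase and exits. It relies on Squid passing the key file name as the first argument (per the directive's documentation); the passphrase directory, its `<key basename>.pass` layout and the script path are hypothetical.

```shell
#!/bin/sh
# Added example helper for Squid's sslpassword_program directive.
# Hypothetical squid.conf line:
#   sslpassword_program /usr/local/sbin/squid-keypass.sh
# Assumption: PASS_DIR holds one "<key basename>.pass" file per encrypted key.
PASS_DIR="${PASS_DIR:-/etc/squid/keypass}"

emit_passphrase() {
    key_file="$1"
    pass_file="$PASS_DIR/$(basename "$key_file").pass"

    # Refuse symlinks and missing files so the helper cannot be redirected.
    if [ -L "$pass_file" ] || [ ! -f "$pass_file" ]; then
        echo "no passphrase file for $key_file" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group/other bits;
    # any bit set there means someone besides the owner can reach the secret.
    mode=$(ls -ld "$pass_file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "refusing $pass_file: accessible by group/other" >&2
        return 1
    fi

    # Read only the first line; tolerate a missing trailing newline,
    # but fail on an empty file.
    pass=""
    IFS= read -r pass < "$pass_file" || [ -n "$pass" ] || return 1
    printf '%s\n' "$pass"
}

# One-shot behaviour: print the passphrase for the key named in $1, then exit.
if [ "$#" -gt 0 ]; then
    emit_passphrase "$1"
    exit $?
fi
```

The helper writes errors to stderr only, so nothing but the passphrase reaches stdout.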

