- Install Apache httpd with SSL/TLS support:

  ```bash
  sudo yum install -y httpd mod_ssl
  ```
- Set up your SSL/TLS configuration as per the documentation.

  After installation, the `mod_ssl` package installs an `ssl.conf` file at the path shown below. Configure it with your custom directives and optionally rename it:

  ```bash
  sudo mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/httpd-acm.conf
  ```
  NOTE: A minimal TLS/SSL configuration example (as per documentation):

  ```apache
  <VirtualHost *:443>
  ServerName www.acm-httpd.example
  SSLEngine on
  SSLProtocol -all +TLSv1.2
  SSLCertificateKeyFile ""
  SSLCertificateFile ""
  </VirtualHost>
  ```

  NOTE: The `SSLCertificateFile` and `SSLCertificateKeyFile` directives must be present in the configuration, enabled (not commented out) and at the beginning of their lines, as in the default `mod_ssl` `ssl.conf` file. Their values are placeholders: `nitro-enclaves-acm.service` scans the configuration file and rewrites them with the correct PKCS#11 URIs once the token has been provisioned with the ACM certificate key, so httpd loads the private key through the enclave-backed token instead of from a key file on disk.
- Set up ACM for Nitro Enclaves as per the documentation.

  NOTE: Start from the default ACM for Nitro Enclaves httpd service configuration example by moving it into place:

  ```bash
  sudo mv /etc/nitro_enclaves/acm-httpd.example.yaml /etc/nitro_enclaves/acm.yaml
  ```
- Make sure that the `path` entry under the `Conf` directive in `/etc/nitro_enclaves/acm.yaml` points at your httpd SSL/TLS configuration file from step 2 above. After `nitro-enclaves-acm.service` has started successfully, the enclave is up and running with a PKCS#11 token provisioned with a private key and the ACM certificate chain.

- Test that the server works as expected:

  ```bash
  curl --cacert path_to_pem_file --tlsv1.2 https://host_name_or_IP
  ```

  or

  ```bash
  curl -k --tlsv1.2 https://host_name_or_IP
  ```

  NOTE: `-k` disables certificate verification, so the second form only shows that the TLS handshake completes. Use the `--cacert` form to confirm that the chain httpd serves is the expected ACM chain.

  NOTE: If you used a private certificate, you must add the host name to `/etc/hosts` in the following format: `127.0.0.1 host_name`, so that the name in the certificate resolves to the local server.
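As an added example (not part of the ACM for Nitro Enclaves project or its documentation), the following shell script ties the steps above together: it checks the httpd configuration for the two directives in the form the service scans for, reports whether they have already been rewritten to PKCS#11 URIs, and wraps the verified `curl` test. The function names, the script name `acm-preflight.sh`, and the use of curl's `--resolve` instead of editing `/etc/hosts` are choices made for this example.

```shell
#!/bin/sh
# Added example (not part of the ACM for Nitro Enclaves project): a pre-flight
# check for the httpd TLS configuration that nitro-enclaves-acm.service scans.
# It confirms that SSLCertificateFile and SSLCertificateKeyFile are present,
# uncommented and at the beginning of the line (the form the service looks
# for, as in the stock mod_ssl ssl.conf), and reports whether they already
# carry pkcs11: URIs, i.e. whether the enclave token has been provisioned.
# Function names, the script name "acm-preflight.sh" and the curl wrapper's
# output format are assumptions made for this example.

# Exit 0 if directive "$2" appears in config "$1" enabled and at column 0.
# A leading "#" (commented out) or leading whitespace does not count.
acm_directive_enabled() {
    grep -Eq "^$2[[:space:]]" "$1"
}

# Exit 0 if the enabled directive "$2" in "$1" already points at a pkcs11: URI,
# which is what the service writes once the token holds the ACM key.
# Both quoted and unquoted values are accepted.
acm_directive_is_pkcs11() {
    grep -Eq "^$2[[:space:]]+\"?pkcs11:" "$1"
}

# Check both directives in config "$1". Exit 0 when both are enabled, else
# report what is wrong on stderr and exit 1. Also prints provisioning state.
acm_check_conf() {
    conf="$1"
    rc=0
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        if acm_directive_enabled "$conf" "$d"; then
            if acm_directive_is_pkcs11 "$conf" "$d"; then
                echo "$d: provisioned (pkcs11 URI)"
            else
                echo "$d: present, not yet rewritten by nitro-enclaves-acm.service"
            fi
        else
            echo "$conf: $d missing, commented out, or not at column 0" >&2
            rc=1
        fi
    done
    return $rc
}

# End-to-end TLS check against the running server. Verifies the served chain
# against CA bundle "$2" instead of skipping verification with "curl -k".
# --resolve pins host name "$1" to "$3" (default 127.0.0.1) without editing
# /etc/hosts, which is handy for a private certificate whose name has no
# public DNS record. Prints "<http_code> <ssl_verify_result>"; an
# ssl_verify_result of 0 means the chain verified. Exit status is curl's.
acm_tls_check() {
    host="$1" ca="$2" addr="${3:-127.0.0.1}"
    curl -sS --tlsv1.2 --cacert "$ca" --resolve "$host:443:$addr" \
        -o /dev/null -w '%{http_code} %{ssl_verify_result}\n' "https://$host/"
}

# Usage when run as a script: acm-preflight.sh [path-to-httpd-ssl-conf]
case "$0" in
    *acm-preflight.sh) acm_check_conf "${1:-/etc/httpd/conf.d/httpd-acm.conf}" ;;
esac
```

Run `sh acm-preflight.sh /etc/httpd/conf.d/httpd-acm.conf` before starting the service (expect "present, not yet rewritten") and again afterwards (expect "provisioned"), then `acm_tls_check www.acm-httpd.example /path/to/ca.pem` once httpd is up. The check deliberately requires the directives at column 0, exactly as the note above states; if your layout indents them inside the `<VirtualHost>` block, move them to column 0 rather than loosening the check.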