How To
Summary
OpenSSL-ibmca is an OpenSSL engine and provider that uses the libica library under s390x to accelerate cryptographic operations.
This document explains the steps needed to install and configure OpenSSL-ibmca on Red Hat Enterprise Linux 9 for IBM Z.
Objective
How to install and configure openSSL-ibmca on Red Hat Enterprise Linux for IBM Z
Environment
Red Hat Enterprise Linux 9 for IBM Z
Steps
1-Install the required packages.
# yum -y install openssl-ibmca openssl-devel openssl
2-Run "ibmca-engine-opensslconfig" command to generate openssl.cnf.ibmca file under the current directory.
# /usr/share/doc/openssl-ibmca/ibmca-engine-opensslconfig
3-On the created file before line "init = 1", add the line "libica = libica.so.4".
# mv /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.cnf.orig
4-Replace /etc/pki/tls/openssl.cnf with the generated openssl.cnf.ibmca file.
# mv /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.cnf.orig
# mv openssl.cnf.ibmca /etc/pki/tls/openssl.cnf
5-To confirm that the OpenSSL-ibmca engine is configured properly, run "openssl engine -c" command.
# openssl engine -c
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support
[RAND, DES-ECB, DES-CBC, DES-OFB, DES-CFB, DES-EDE3, DES-EDE3-CBC, DES-EDE3-OFB, DES-EDE3-CFB, AES-128-ECB, AES-192-ECB, AES-256-ECB, AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-OFB, AES-192-OFB, AES-256-OFB, AES-128-CFB, AES-192-CFB, AES-256-CFB, id-aes128-GCM, id-aes192-GCM, id-aes256-GCM, SHA1, SHA256, SHA512]
Additional Information
OpenSSL-ibmca is an OpenSSL engine and provider that uses the libica library under s390x to accelerate cryptographic operations.
The libica library provides cryptographic functions for cryptographic applications on IBM Z or IBM LinuxONE, both with and without cryptographic hardware. It is a part of the openCryptoki project in GitHub. It is primarily used by OpenSSL through the IBM OpenSSL CA engine or by openCryptoki. This product includes software that is developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org).
Related Information
Document Location
Worldwide
[{"Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SGMV157","label":"IBM Support for Red Hat Enterprise Linux Server"},"ARM Category":[{"code":"a8m0z000000GpKGAA0","label":"Linux on system Z"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Type":"MASTER"}]
Was this topic helpful?
Document Information
Modified date:
02 October 2022
UID
ibm16614287