NGINX HTTP Server
Thales provides the CipherTrust Manager (CM) to manage keys. The NGINX HTTP Server integrates with the CipherTrust Manager using the SafeNet ProtectApp PKCS#11 library.
This integration provides significant performance improvements by offloading cryptographic operations from the NGINX HTTP Server to the CipherTrust Manager. Additionally, SafeNet ProtectApp with NGINX provides extra security by protecting and managing the server’s high-value SSL private key.
Supported Product Versions
CipherTrust Manager
- CipherTrust Manager 1.10 and higher
SafeNet ProtectApp
- SafeNet ProtectApp 8.3.0.P01-001 and higher
NGINX
- NGINX 1.11.x
This integration is validated on Red Hat Enterprise Linux 7.3 (64 bit).
Prerequisites
Ensure that the CipherTrust Manager is installed and configured. For more details, refer to the CipherTrust Manager documentation.
NGINX communicates with the CipherTrust Manager using the Network Attached Encryption (NAE) interface. Ensure that the NAE interface is configured. Refer to the CipherTrust Manager Documentation for more details.
Ensure that NGINX is installed and configured. Refer to the Appendix section for more details.
Ensure that the port configured on the NAE interface is accessible from the NGINX machine.
Steps for Integration
To integrate the NGINX HTTP Server with the CipherTrust Manager:
