I would like to build a PKI with SSO myself.
I have a (Debian Bullseye) server, I have the Nitrokey HSM
OpenSC is running, the Nitrokey HSM is recognized and I have changed the two PIN.
As I understand it, I now need a certificate authority (0) This I would like to build according to the instructions here yes.
But, “my Debian” does not have the correct “engine1.1” (So the name of the directory) in which actually the file: “pkcs11.so” should be located. But I don’t have this file. In the directory I have only the two files: “afalg.so” & “padlock.so”.
The complete error message when creating the ROOT certificate
invalid engine “pkcs11”
139786609587520:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:…/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so): /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so: cannot open shared object file: No such file or directory
139786609587520:error:25070067:DSO support routines:DSO_load:could not load the shared library:…/crypto/dso/dso_lib.c:162:
139786609587520:error:260B6084:engine routines:dynamic_load:dso not found:…/crypto/engine/eng_dyn.c:414:
139786609587520:error:2606A074:engine routines:ENGINE_by_id:no such engine:…/crypto/engine/eng_list.c:421:id=pkcs11
139786609587520:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:…/crypto/dso/dso_dlfcn.c:118:filename(libpkcs11.so): libpkcs11.so: cannot open shared object file: No such file or directory
139786609587520:error:25070067:DSO support routines:DSO_load:could not load the shared library:…/crypto/dso/dso_lib.c:162:
139786609587520:error:260B6084:engine routines:dynamic_load:dso not found:…/crypto/engine/eng_dyn.c:414:
Furthermore, I am also missing the file: “dso_dlfcn.c” and other files from the package “crypto”. Did I miss something? Or skipped? PKCS11 as “backports” in Debian? What would you do?
Thanks in advance