Using NGINX or Apache with OpenSSL for SSL/TLS offload on Linux - AWS CloudHSM

This topic provides step-by-step instructions for setting up SSL/TLS offload with AWS CloudHSM on a Linux web server.

Overview

On Linux, the NGINX and Apache HTTP Server web server software integrate with OpenSSL to support HTTPS. The AWS CloudHSM dynamic engine for OpenSSL provides an interface that enables the web server software to use the HSMs in your cluster for cryptographic offloading and key storage. The OpenSSL engine is the bridge that connects the web server to your AWS CloudHSM cluster.

To complete this tutorial, you must first choose whether to use the NGINX or Apache web server software on Linux. Then the tutorial shows you how to do the following:

  • Install the web server software on an Amazon EC2 instance.

  • Configure the web server software to support HTTPS with a private key stored in your AWS CloudHSM cluster.

  • (Optional) Use Amazon EC2 to create a second web server instance and Elastic Load Balancing to create a load balancer. Using a load balancer can increase performance by distributing the load across multiple servers. It can also provide redundancy and higher availability if one or more servers fail.

When you're ready to get started, go to Step 1: Set up the prerequisites.