I have a PKCS#11-compatible smart card with either a private key, or a combination of a certificate and a private key on it (I can have both).
I want to present the certificate from the smart card to visitors, or use a regular certificate file on disk but do decryption of traffic on the smart card using the private key that's only stored there.
This seems like something that should be possible, but existing support for that appears to be non-existent (everyone is focusing on client certificates, which is not what I want).
Windows + IIS seems to not support the option (certificates from file only).
Linux + Apache + mod_ssl seems to come closest, but fails to recognize my pkcs11 engine out of the box. When applying the following patch (https://issues.apache.org/bugzilla/show_bug.cgi?id=52473) the server doesn't start up anymore (seemingly due to a double-locking bug).
No other web server seems to support this at all, at least, none that I can find. Am I wrong? Is there a web server that can do this? Does someone have a better mod_ssl patch? Am I silly to want this in the first place? Please help.
