The apache2 mod_gnutls https service actually manages to successfully run but keeps returning this error when trying to read private key from pkcs11 URL:
[Wed Jan 20 13:26:25.268236 2016] [gnutls:emerg] [pid 5232:tid 140334984677248] GnuTLS: Failed to Re-Import Private Key URL 'pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=GnuTLS-Test;id=%3e%2d%3d%e4%2b%8b%a0%7c%7c%56%08%95%aa%aa%47%db%15%a2%b9%84;object=GnuTLSTest2;object-type=private': (-300) PKCS #11 error.
using apache2 2.4.x with mod-gnutls 0.7.2 + gnutls 3.3.x
OS: Ubuntu vivid
Funny thing is the fact that it doesnt return such error for certificate, just the private key.
So any ideas?
Update:
Here's the configuration file from mod_gnutls.conf:
<IfModule mod_gnutls.c>
# The default method is to use a DBM backed cache. It's not super fast, but
# it's portable and doesn't require another server to be running like
# memcached
#GnuTLSP11Module /usr/lib/softhsm/libsofthsm.so
#GnuTLSPIN 1234
GnuTLSCache dbm /var/cache/apache2/gnutls_cache
# mod_gnutls can optionaly use a memcached server to store SSL sessions.
# This is useful in a cluster environment, where you want all your servers to
# share a single SSL session cache
#GnuTLSCache memcache "127.0.0.1 server2.example.com server3.example.com"
GnuTLSCacheTimeout 600
<VirtualHost _default_:443>
DocumentRoot "/var/www/htdocs"
ServerName localhost
ServerAdmin youremail@example.org
ErrorLog "/var/log/apache2/error_log"
TransferLog "/var/log/apache2/access_log"
GnuTLSEnable on
GnuTLSSessionTickets on
GnuTLSPriorities NORMAL
GNUTLSExportCertificates on
GnuTLSPIN 1234
GnuTLSCertificateFile pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=GnuTLS-Test;id=%3e%2d%3d%e4%2b%8b%a0%7c%7c%56%08%95%aa%aa%47%db%15%a2%b9%84;object=GnuTLSTest;object-type=cert
GnuTLSKeyFile pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=GnuTLS-Test;id=%3e%2d%3d%e4%2b%8b%a0%7c%7c%56%08%95%aa%aa%47%db%15%a2%b9%84;object=GnuTLSTest2;object-type=private
</VirtualHost>
</IfModule>
