Hi Norman
Apologies for giving the wrong context.
We want to store the private key in HSM. Once we have a private key on the HSM, we can export a fake PEM private key file. This file does not contain the actual key data, but it allows the OpenSSL Dynamic Engine to identify the private key on the HSM. For this fake private key can be used to create a certificate signing request (CSR) and sign the CSR to create the certificate.
We are looking for a way to configure Netty's SSLContext to be managed by openssl so that the fake private key and generated certificate can be configured to interact with HSM (via Openssl Dynamic engine).
I am attaching a reference from Amazon CloudHSM documentation for configuring with NGNIX or Apache.
Please let me know if you need any other inputs from my end.
Thanks
Akash