A basic configuration:

1) Create a signing key (the example here is for the Google/Apple unmanaged corona contact enabling key, ES256 (ECDSA P-256), X9.62 DER blob):

    # ES256 is ECDSA over NIST P-256, which OpenSSL names prime256v1
    # (secp256k1 is a different curve and does not produce ES256 signatures).
    openssl ecparam -name prime256v1 -genkey -noout -out /etc/pki/ec.key
    # Export the public half for verification.
    openssl ec -in /etc/pki/ec.key -pubout -out /etc/pki/ec.pub

2) Include the following in your config file:

    SetHandler sign
    SignKey /etc/pki/ec.key

3) Test by doing:

    # Generate a payload and calculate the digest.
    echo my payload > payload.txt
    openssl sha256 payload.txt

    # Offer this digest for signing - request a binary blob back.
    curl 'http://localhost/signdigest?digest=0d2a2ba99cb99e1ecc60154c49a1a56c1e67d43473709ff8e89cea6ac3d01010&digest_encoding=hex&signature_encoding=binary' > sig.bin

    # Verify that the signature is correct. You should see 'Verified OK'.
    openssl dgst -sha256 -verify /etc/pki/ec.pub -hex -signature sig.bin payload.txt

Parameters

    digest              The digest itself. Accepts HEX and Base64. Hex can be
                        of the 0d2a or the 02:2a and '02 2a ..' variety.
    digest_encoding     HEX or base64
    signature_encoding  HEX or base64 or Binary
    digest_type         Any digest type OpenSSL supports. See
                        openssl list -digest-algorithms for a full list.
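The following client-side helper is an added example, not code from the module. It normalizes the digest spellings listed under Parameters to canonical hex, checks the length before the digest is offered for signing, and builds the same query as the curl test in step 3. The function names and the use of Python's hashlib to look up the digest size are assumptions of this example.

```python
import base64
import hashlib
import re
from urllib.parse import urlencode


def normalize_digest(value, encoding, digest_type="sha256"):
    """Return the digest as canonical lowercase hex, or raise ValueError."""
    enc = encoding.lower()
    if enc not in ("hex", "base64"):
        raise ValueError("digest_encoding must be hex or base64")
    try:
        if enc == "hex":
            # Accept the 0d2a, 02:2a and '02 2a' spellings from the Parameters list.
            raw = bytes.fromhex(re.sub(r"[:\s]", "", value))
        else:
            raw = base64.b64decode(value, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"malformed {enc} digest: {exc}") from None
    # Assumption: hashlib knows the digest type under the same name.
    expected = hashlib.new(digest_type).digest_size
    if len(raw) != expected:
        raise ValueError(
            f"{digest_type} digest must be {expected} bytes, got {len(raw)}")
    return raw.hex()


def signing_url(base, payload):
    """Build the SHA-256 signing request used in the step 3 test."""
    digest = normalize_digest(hashlib.sha256(payload).hexdigest(), "hex")
    query = urlencode({
        "digest": digest,
        "digest_encoding": "hex",
        "signature_encoding": "binary",
    })
    return f"{base}?{query}"


if __name__ == "__main__":
    # Constructed sample input: the payload from step 3, as echo writes it.
    print(signing_url("http://localhost/signdigest", b"my payload\n"))
```

A 64-character hex digest is also syntactically valid base64 (it decodes to 48 bytes), so the helper requires the encoding to be stated explicitly and rejects the length mismatch instead of guessing.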