swtpm-localca.conf(8)

swtpm-localca.conf - Configuration file for swtpm-localca

The file /etc/swtpm-localca.conf contains configuration variables for
the swtpm-localca program.

The following configuration variables must be set:

statedir
    The name of the directory in which to store data. A lock will be
    created in this directory.

signingkey
    The file containing the key used for signing the certificates.
    Provide a key in PEM format. If a PKCS11 URI is used, all
    semicolons ';' have to be escaped and written as '\;'.

signingkey_password
    The password to use for the signing key.

issuercert
    The file containing the certificate for this CA. Provide a
    certificate in PEM format.

certserial
    The name of the file containing the serial number for the next
    certificate.

TSS_TCSD_HOSTNAME
    This variable can be set to the host on which tcsd is running in
    case the signing key is a GnuTLS TPM 1.2 key. By default localhost
    will be used.

TSS_TCSD_PORT
    This variable can be set to the port on which tcsd is listening
    for connections. By default port 30003 will be used.

An example swtpm-localca.conf file may look as follows:

    statedir = /var/lib/swtpm_localca
    signingkey = /var/lib/swtpm_localca/signkey.pem
    issuercert = /var/lib/swtpm_localca/issuercert.pem
    certserial = /var/lib/swtpm_localca/certserial

With a PKCS11 URI it may look like this:

    statedir = /var/lib/swtpm-localca
    signingkey = pkcs11:model=SoftHSM%20v2\;manufacturer=SoftHSM%20project\;serial=891b99c169e41301\;token=mylabel\;id=%00\;object=mykey\;type=public
    issuercert = /var/lib/swtpm-localca/swtpm-localca-tpmca-cert.pem
    certserial = /var/lib/swtpm-localca/certserial
    SWTPM_PKCS11_PIN = 1234
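
The following checker is an added example, not part of swtpm or of this manual page. It reads a configuration in the format shown above and reports missing variables, unescaped semicolons in a PKCS11 URI, and secrets kept in clear text. The function names, the 'name = value' parsing with '#' comments, and the choice of the four variables common to both examples as required are assumptions.

```python
import re

# Assumption: the four variables present in both of the page's examples are required.
REQUIRED = ("statedir", "signingkey", "issuercert", "certserial")
# Variables whose values are secrets stored in clear text in the file.
SECRETS = ("signingkey_password", "SWTPM_PKCS11_PIN")


def parse_conf(text):
    """Parse 'name = value' lines; blank lines and '#' comments are skipped (assumed syntax)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Split on the first '=' only: a PKCS11 URI contains further '=' signs.
        name, value = line.split("=", 1)
        conf[name.strip()] = value.strip()
    return conf


def lint_conf(text):
    """Return a list of findings for the body of a swtpm-localca.conf file."""
    conf = parse_conf(text)
    findings = []
    for name in REQUIRED:
        if not conf.get(name):
            findings.append(f"missing required variable: {name}")
    key = conf.get("signingkey", "")
    if key.startswith("pkcs11:"):
        # Every ';' in a PKCS11 URI must be written as '\;'.
        bare = [m.start() for m in re.finditer(r"(?<!\\);", key)]
        if bare:
            findings.append(f"signingkey: unescaped ';' at offset(s) {bare}")
    for name in SECRETS:
        if name in conf:
            findings.append(f"{name}: secret in clear text, restrict file permissions")
    return findings


# Constructed sample: the second ';' is not escaped and certserial is missing.
SAMPLE = r"""
statedir = /var/lib/swtpm-localca
signingkey = pkcs11:token=mylabel\;object=mykey;type=public
issuercert = /var/lib/swtpm-localca/swtpm-localca-tpmca-cert.pem
SWTPM_PKCS11_PIN = 1234
"""

if __name__ == "__main__":
    print("\n".join(lint_conf(SAMPLE)))
```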

swtpm-localca

Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>

swtpm 2017-11-13 swtpm-localca.conf(8)