swtpm-localca.conf(8)                                    swtpm-localca.conf(8)

NAME

       swtpm-localca.conf - Configuration file for swtpm-localca

DESCRIPTION

       The file /etc/swtpm-localca.conf contains configuration variables for
       the swtpm-localca program.

       Entries may contain shell variables that will be resolved. All shell
       variables must be formatted like this: '${varname}'.

       Users may write their own configuration into
       ${XDG_CONFIG_HOME}/swtpm-localca.conf or, if XDG_CONFIG_HOME is not
       set, into ${HOME}/.config/swtpm-localca.conf.

       The following configuration variables are supported:

       statedir
           The name of the directory in which to store data. A lock will be
           created in this directory.

       signingkey
           The file containing the key used for signing the certificates.
           Provide a key in PEM format or a pkcs11 URI.

       signingkey_password
           The password to use for the signing key.

       issuercert
           The file containing the certificate for this CA. Provide a
           certificate in PEM format.

       certserial
           The name of the file containing the serial number for the next
           certificate.

       TSS_TCSD_HOSTNAME
           This variable can be set to the host on which tcsd is running in
           case the signing key is a GnuTLS TPM 1.2 key. By default localhost
           will be used.

       TSS_TCSD_PORT
           This variable can be set to the port on which tcsd is listening
           for connections. By default port 30003 will be used.

       env:<environment variable name>=<value>
           Environment variables that are needed by pkcs11 modules can be
           set using this format. An example of such an environment variable
           may look like this:

               env:MY_MODULE_PKCS11_CONFIG = /tmp/mymodule-pkcs11.conf

           The line must not contain any trailing spaces.

EXAMPLE

       An example swtpm-localca.conf file may look as follows:

        statedir = /var/lib/swtpm_localca
        signingkey = /var/lib/swtpm_localca/signkey.pem
        issuercert = /var/lib/swtpm_localca/issuercert.pem
        certserial = /var/lib/swtpm_localca/certserial

       With a PKCS11 URI it may look like this:

        statedir = /var/lib/swtpm-localca
        signingkey = pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=891b99c169e41301;token=mylabel;id=%00;object=mykey;type=public
        issuercert = /var/lib/swtpm-localca/swtpm-localca-tpmca-cert.pem
        certserial = /var/lib/swtpm-localca/certserial
        SWTPM_PKCS11_PIN = 1234
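
       A pre-deployment check for a file in this format, as an added example
       that is not part of swtpm or of the original page. It flags variables
       not written as '${varname}', trailing spaces on env: lines, and
       secrets in a file accessible to group or others. The function names,
       the permission check and the empty-string substitution for unset
       variables are assumptions made here.

```python
import os
import re
import stat

# Keys shown on this page whose values are secrets.
SECRET_KEYS = {"signingkey_password", "SWTPM_PKCS11_PIN"}
VAR_RE = re.compile(r"\$\{(\w+)\}")  # the only variable form the page allows

# Constructed sample input, not taken from a real system.
SAMPLE = (
    "statedir = ${HOME}/swtpm-localca\n"
    "signingkey = pkcs11:token=mylabel;object=mykey;type=public\n"
    "certserial = $HOME/swtpm-localca/certserial\n"
    "SWTPM_PKCS11_PIN = 1234\n"
    "env:MY_MODULE_PKCS11_CONFIG = /tmp/mymodule-pkcs11.conf \n"
)

def lint(text, env, mode):
    """Return (settings, findings); mode is the file's permission bits."""
    settings, findings = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        # Split on the first '=' only: pkcs11 URIs contain further '=' signs.
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key:
            findings.append((no, "not a 'name = value' entry"))
            continue
        if re.search(r"\$(?!\{)", value):
            findings.append((no, "shell variable not written as ${varname}"))
        for name in VAR_RE.findall(value):
            if name not in env:
                findings.append((no, f"${{{name}}} is not set"))
        # Assumption of this example: secrets belong in an owner-only file.
        if key in SECRET_KEYS and mode & 0o077:
            findings.append((no, f"{key} in a file accessible to group/others"))
        if key.startswith("env:") and line != line.rstrip():
            findings.append((no, "env: line has trailing spaces"))
        # Assumption of this example: an unset variable becomes an empty string.
        settings[key] = VAR_RE.sub(lambda m: env.get(m.group(1), ""), value)
    return settings, findings

def lint_file(path, env=os.environ):
    """Lint a file on disk, using its real permission bits."""
    with open(path) as fh:
        return lint(fh.read(), env, stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    for no, msg in lint(SAMPLE, {"HOME": "/home/alice"}, 0o644)[1]:
        print(f"line {no}: {msg}")
```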

SEE ALSO

       swtpm-localca

REPORTING BUGS

       Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>



swtpm                             2021-01-27             swtpm-localca.conf(8)