The file /etc/swtpm-localca.conf contains configuration variables for the swtpm-localca program.
The following configuration variables must be set:
statedir: The name of the directory in which to store data. A lock will be created in this directory.
signingkey: The file containing the key used for signing the certificates. Provide a key in PEM format. If a PKCS11 URI is used, all semicolons ';' have to be escaped and written as '\;'.
The password to use for the signing key.
issuercert: The file containing the certificate for this CA. Provide a certificate in PEM format.
certserial: The name of the file containing the serial number for the next certificate.
This variable can be set to the host on which tcsd is running in case the signing key is a GnuTLS TPM 1.2 key. By default localhost will be used.
This variable can be set to the port on which tcsd is listening for connections. By default port 30003 will be used.
An example swtpm-localca.conf file may look as follows:
    statedir = /var/lib/swtpm_localca
    signingkey = /var/lib/swtpm_localca/signkey.pem
    issuercert = /var/lib/swtpm_localca/issuercert.pem
    certserial = /var/lib/swtpm_localca/certserial
With a PKCS11 URI it may look like this:
    statedir = /var/lib/swtpm-localca
    signingkey = pkcs11:model=SoftHSM%20v2\;manufacturer=SoftHSM%20project\;serial=891b99c169e41301\;token=mylabel\;id=%00\;object=mykey\;type=public
    issuercert = /var/lib/swtpm-localca/swtpm-localca-tpmca-cert.pem
    certserial = /var/lib/swtpm-localca/certserial
    SWTPM_PKCS11_PIN = 1234
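A pre-deployment check for a file in this format, as an added example that is not part of swtpm: it flags unescaped semicolons in a PKCS11 signingkey URI, missing variables, and a PIN kept in a file that group or others can access. The function names, the SAMPLE text, and the choice to treat the four variables from the examples above as required are assumptions of this sketch.

```python
import re

# Variables set in the page's example files; treated as required here (assumption).
REQUIRED = ("statedir", "signingkey", "issuercert", "certserial")
UNESCAPED_SEMICOLON = re.compile(r"(?<!\\);")  # a ';' not preceded by a backslash

def parse_conf(text):
    """Return {name: value} from 'name = value' lines, splitting on the first '='."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            conf[name.strip()] = value.strip()
    return conf

def escape_pkcs11_uri(uri):
    """Write every bare ';' as '\\;', leaving already escaped ones untouched."""
    return UNESCAPED_SEMICOLON.sub(r"\\;", uri)

def lint(text, file_mode=None):
    """Return a list of findings; file_mode is the config file's permission bits."""
    conf, findings = parse_conf(text), []
    for name in REQUIRED:
        if not conf.get(name):
            findings.append(f"missing: {name}")
    key = conf.get("signingkey", "")
    if key.startswith("pkcs11:") and UNESCAPED_SEMICOLON.search(key):
        findings.append("signingkey: unescaped ';', use " + escape_pkcs11_uri(key))
    # The PIN sits in the file in clear text, so the file should be owner-only.
    if "SWTPM_PKCS11_PIN" in conf and file_mode is not None and file_mode & 0o077:
        findings.append("SWTPM_PKCS11_PIN: file is accessible by group or others")
    return findings

# Constructed sample: one bare ';' in the URI and no certserial line.
SAMPLE = r"""statedir = /var/lib/swtpm-localca
signingkey = pkcs11:token=mylabel;object=mykey\;type=public
issuercert = /var/lib/swtpm-localca/swtpm-localca-tpmca-cert.pem
SWTPM_PKCS11_PIN = 1234
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE, file_mode=0o644):
        print(finding)
```

On a real host, pass `os.stat(path).st_mode & 0o777` as `file_mode`.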
Report bugs to Stefan Berger <email@example.com>