Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
swtpm-localca.conf(5)					 swtpm-localca.conf(5)

NAME
       swtpm-localca.conf - Configuration file for swtpm_localca

DESCRIPTION
       The file	/etc/swtpm-localca.conf	contains configuration variables for
       the swtpm_localca program.

       Entries may contain environment variables that will be resolved.	All
       environment variables must be formatted like this: '${varname}'.

       Users may write their own configuration into
       ${XDG_CONFIG_HOME}/swtpm-localca.conf or	if XDG_CONFIG_HOME is not set
       it may be in ${HOME}/.config/swtpm-localca.conf.

       The following configuration variables are supported:

       statedir
	   The	name  of  a directory where to store data into.	A lock will be
	   created in this directory.

       signinkey
	   The file containing the key	used  for  signing  the	 certificates.
	   Provide a key in PEM	format or a pkcs11 URI.

       signingkey_password
	   The password	to use for the signing key.

       issuercert
	   The	file  containing  the  certificate  for	 this  CA.  Provide  a
	   certificate in PEM format.

       certserial
	   The name  of	 file  containing  the	serial	number	for  the  next
	   certificate.

	   The	 serial	  number   must	 be  a	decimal	 number	 and  must  be
	   representable with 20 bytes or less.	Once 21	bytes are used	a  new
	   random serial number	with 20	decimal	digits will be created.

       TSS_TCSD_HOSTNAME
	   This	 variable  can	be set to the host where tcsd is running on in
	   case	the signing key	is a GnuTLS TPM	1.2 key. By default  localhost
	   will	be used.

       TSS_TCSD_PORT
	   This	 variable  can	be set to the port on which  tcsd is listening
	   for connections. By default port 30003 will be used.

       env:<environment	variable name=<value>>
	   Environment variables, that are needed by pkcs11  modules,  can  be
	   set	using this format. An example for such an environment variable
	   may look like this:

	       env:MY_MODULE_PKCS11_CONFIG = /tmp/mymodule-pkcs11.conf

	   The line must not contain any trailing spaces.

EXAMPLE
       An example swtpm-localca.conf file may look as follows:

	statedir = /var/lib/swtpm_localca
	signingkey = /var/lib/swtpm_localca/signkey.pem
	issuercert = /var/lib/swtpm_localca/issuercert.pem
	certserial = /var/lib/swtpm_localca/certserial

       With a PKCS11 URI it may	look like this:

	statedir = /var/lib/swtpm-localca
	signingkey = pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=891b99c169e41301;token=mylabel;id=%00;object=mykey;type=public
	issuercert = /var/lib/swtpm-localca/swtpm-localca-tpmca-cert.pem
	certserial = /var/lib/swtpm-localca/certserial
	SWTPM_PKCS11_PIN = 1234

SEE ALSO
       swtpm_localca

REPORTING BUGS
       Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>

swtpm				  2024-06-17		 swtpm-localca.conf(5)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=swtpm-localca.conf&sektion=5&manpath=FreeBSD+Ports+14.3.quarterly>

home | help