swtpm-localca.conf(5) swtpm-localca.conf(5)

swtpm-localca.conf - Configuration file for swtpm_localca

The file /etc/swtpm-localca.conf contains configuration variables for the swtpm_localca program.

Entries may contain environment variables that will be resolved. All environment variables must be formatted like this: '${varname}'.

Users may write their own configuration into ${XDG_CONFIG_HOME}/swtpm-localca.conf or, if XDG_CONFIG_HOME is not set, into ${HOME}/.config/swtpm-localca.conf.

The following configuration variables are supported:

statedir - The name of a directory in which to store data. A lock will be created in this directory.
signingkey - The file containing the key used for signing the certificates. Provide a key in PEM format or a pkcs11 URI.
signingkey_password - The password to use for the signing key.
issuercert - The file containing the certificate for this CA. Provide a certificate in PEM format.
certserial - The name of the file containing the serial number for the next certificate.

The serial number must be a decimal number and must be representable with 20 bytes or less. Once 21 bytes are used a new random serial number with 20 decimal digits will be created.

TSS_TCSD_HOSTNAME - This variable can be set to the host on which tcsd is running in case the signing key is a GnuTLS TPM 1.2 key. By default localhost will be used.
TSS_TCSD_PORT - This variable can be set to the port on which tcsd is listening for connections. By default port 30003 will be used.
env:<VARNAME>=<VALUE> - Environment variables that are needed by pkcs11 modules can be set using this format. An example of such an environment variable may look like this:

    env:MY_MODULE_PKCS11_CONFIG = /tmp/mymodule-pkcs11.conf
    

The line must not contain any trailing spaces.

An example swtpm-localca.conf file may look as follows:

 statedir = /var/lib/swtpm_localca
 signingkey = /var/lib/swtpm_localca/signkey.pem
 issuercert = /var/lib/swtpm_localca/issuercert.pem
 certserial = /var/lib/swtpm_localca/certserial

With a PKCS11 URI it may look like this:

 statedir = /var/lib/swtpm-localca
 signingkey = pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=891b99c169e41301;token=mylabel;id=%00;object=mykey;type=public
 issuercert = /var/lib/swtpm-localca/swtpm-localca-tpmca-cert.pem
 certserial = /var/lib/swtpm-localca/certserial
 SWTPM_PKCS11_PIN = 1234
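
The rules above ('${varname}' resolution, no trailing spaces on env: lines, a decimal serial number that fits in 20 bytes) can be checked before a configuration is deployed. The following Python lint is an added example, not part of swtpm; the "name = value" split on the first '=', the function names and the secret-name heuristic are assumptions, and the sample input is constructed.

```python
import re

VAR = re.compile(r"\$\{([^}]+)\}")
# Heuristic (assumption): names containing "password" or ending in "pin" hold secrets.
SECRET_KEY = re.compile(r"password|pin$", re.I)

def parse_conf(text, environ):
    """Return (settings, findings) for swtpm-localca.conf-style text."""
    settings, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if "=" not in line:
            continue  # blank or not a "name = value" entry
        if line.startswith("env:") and raw != raw.rstrip():
            findings.append((n, "env: line has trailing whitespace"))
        key, value = (part.strip() for part in line.split("=", 1))
        for name in VAR.findall(value):
            if name not in environ:
                findings.append((n, f"${{{name}}} is not set"))
        # Resolve ${varname}; unknown names are left as written.
        value = VAR.sub(lambda m: environ.get(m.group(1), m.group(0)), value)
        if SECRET_KEY.search(key):
            findings.append((n, f"{key} stores a secret in clear text"))
        settings[key] = value
    return settings, findings

def serial_ok(serial):
    """Decimal digits only, and the value fits in 20 bytes (160 bits)."""
    return (serial.isascii() and serial.isdigit()
            and len(serial) <= 49 and int(serial) < 2 ** 160)

# Constructed sample; line 5 ends with a trailing space on purpose.
SAMPLE = (
    "statedir = ${STATE}/swtpm-localca\n"
    "signingkey = pkcs11:token=mylabel;object=mykey\n"
    "certserial = ${MISSING}/certserial\n"
    "SWTPM_PKCS11_PIN = 1234\n"
    "env:MY_MODULE_PKCS11_CONFIG = /tmp/mymodule-pkcs11.conf \n"
)

if __name__ == "__main__":
    conf, issues = parse_conf(SAMPLE, {"STATE": "/var/lib"})
    for lineno, message in issues:
        print(f"line {lineno}: {message}")
```

A clear-text secret finding is a prompt to confirm that the configuration file is readable only by the account that runs swtpm_localca.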

swtpm_localca

Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>

2025-04-30 swtpm
