
swtpm-localca.conf(5)                                    swtpm-localca.conf(5)

NAME
       swtpm-localca.conf - Configuration file for swtpm_localca

DESCRIPTION
       The file /etc/swtpm-localca.conf contains configuration variables for
       the swtpm_localca program.

       Entries may contain environment variables that will be resolved. All
       environment variables must be formatted like this: '${varname}'.

       Users may write their own configuration into
       ${XDG_CONFIG_HOME}/swtpm-localca.conf or if XDG_CONFIG_HOME is not set
       it may be in ${HOME}/.config/swtpm-localca.conf.

       The following configuration variables are supported:

       statedir
           The name of the directory in which to store data. A lock will be
           created in this directory.

       signingkey
           The file containing the key used for signing the certificates.
           Provide a key in PEM format or a pkcs11 URI.

       signingkey_password
           The password to use for the signing key.

       issuercert
           The file containing the certificate for this CA. Provide a
           certificate in PEM format.

       certserial
           The name of the file containing the serial number for the next
           certificate.

       TSS_TCSD_HOSTNAME
           This variable can be set to the host on which tcsd is running in
           case the signing key is a GnuTLS TPM 1.2 key. By default localhost
           will be used.

       TSS_TCSD_PORT
           This variable can be set to the port on which tcsd is listening
           for connections. By default port 30003 will be used.

       env:<environment variable name>=<value>
           Environment variables needed by pkcs11 modules can be set using
           this format. An example of such an environment variable may look
           like this:

               env:MY_MODULE_PKCS11_CONFIG = /tmp/mymodule-pkcs11.conf

           The line must not contain any trailing spaces.

EXAMPLE
       An example swtpm-localca.conf file may look as follows:

        statedir = /var/lib/swtpm_localca
        signingkey = /var/lib/swtpm_localca/signkey.pem
        issuercert = /var/lib/swtpm_localca/issuercert.pem
        certserial = /var/lib/swtpm_localca/certserial

       With a PKCS11 URI it may look like this:

        statedir = /var/lib/swtpm-localca
        signingkey = pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=891b99c169e41301;token=mylabel;id=%00;object=mykey;type=public
        issuercert = /var/lib/swtpm-localca/swtpm-localca-tpmca-cert.pem
        certserial = /var/lib/swtpm-localca/certserial
        SWTPM_PKCS11_PIN = 1234
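
       The following check is an added example, not part of swtpm or of this
       manual page. It resolves '${varname}' references, flags trailing
       whitespace on env: entries, and reports a signingkey_password or
       SWTPM_PKCS11_PIN kept in a file that group or other can access. The
       names lint, resolve, lint_file and SAMPLE are hypothetical, and
       splitting each entry on the first '=' is an assumption about the format.

```python
import os
import re

SECRET_KEYS = {"signingkey_password", "SWTPM_PKCS11_PIN"}  # secrets shown on the page
VAR_RE = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")     # the '${varname}' form

# Constructed sample: a password, an unset variable and a trailing space.
SAMPLE = (
    "statedir = ${LOCALCA_DIR}\n"
    "signingkey = ${LOCALCA_DIR}/signkey.pem\n"
    "signingkey_password = example-only\n"
    "env:MY_MODULE_PKCS11_CONFIG = ${UNSET_VAR}/p11.conf \n"
)


def resolve(value, env):
    """Expand ${varname}; return (expanded value, names missing from env)."""
    missing = []

    def sub(match):
        if match.group(1) in env:
            return env[match.group(1)]
        missing.append(match.group(1))
        return match.group(0)  # leave the unresolved reference visible

    return VAR_RE.sub(sub, value), missing


def lint(text, env=None, file_mode=0o600):
    """Return (settings, findings) for the text of a swtpm-localca.conf."""
    env = os.environ if env is None else env
    settings, findings = {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        if "=" not in raw:
            continue
        key, _, value = raw.partition("=")  # assumption: split on the first '='
        key = key.strip()
        if key.startswith("env:") and raw != raw.rstrip():
            findings.append(f"line {no}: trailing whitespace on env: entry")
        settings[key], missing = resolve(value.strip(), env)
        findings += [f"line {no}: ${{{name}}} is not set" for name in missing]
        if key in SECRET_KEYS and file_mode & 0o077:
            findings.append(f"line {no}: {key} in a file with mode {file_mode:o}")
    return settings, findings


def lint_file(path):  # lint a file on disk using its real permission bits
    with open(path) as fh:
        return lint(fh.read(), file_mode=os.stat(path).st_mode & 0o777)
```

       Running lint_file on /etc/swtpm-localca.conf and on the per-user file
       covers both locations named in DESCRIPTION.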

SEE ALSO
       swtpm_localca

REPORTING BUGS
       Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>

swtpm                             2023-05-18             swtpm-localca.conf(5)
