swtpm-localca.conf

swtpm-localca.conf(5) swtpm-localca.conf(5)

NAME

   swtpm-localca.conf - Configuration file for swtpm_localca

DESCRIPTION

   The file /etc/swtpm-localca.conf contains configuration variables for the swtpm_localca program.

   Entries may contain environment variables that will be resolved. All environment variables must be formatted like this: '${varname}'.

   Users may write their own configuration into ${XDG_CONFIG_HOME}/swtpm-localca.conf or if XDG_CONFIG_HOME is not set it may be in ${HOME}/.config/swtpm-localca.conf.

   The following configuration variables are supported:

   statedir
       The name of a directory where to store data into. A lock will be created in this directory.

   signinkey
       The file containing the key used for signing the certificates. Provide a key in PEM format or a pkcs11 URI.

   signingkey_password
       The password to use for the signing key.

   issuercert
       The file containing the certificate for this CA. Provide a certificate in PEM format.

   certserial
       The name of file containing the serial number for the next certificate.

   TSS_TCSD_HOSTNAME
       This variable can be set to the host where tcsd is running on in case the signing key is a GnuTLS TPM 1.2 key. By default localhost will be used.

   TSS_TCSD_PORT
       This variable can be set to the port on which  tcsd is listening for connections. By default port 30003 will be used.

   env:<environment variable name=<value>>
       Environment variables, that are needed by pkcs11 modules, can be set using this format. An example for such an environment variable may look like this:

           env:MY_MODULE_PKCS11_CONFIG = /tmp/mymodule-pkcs11.conf

       The line must not contain any trailing spaces.

EXAMPLE

   An example swtpm-localca.conf file may look as follows:

    statedir = /var/lib/swtpm_localca
    signingkey = /var/lib/swtpm_localca/signkey.pem
    issuercert = /var/lib/swtpm_localca/issuercert.pem
    certserial = /var/lib/swtpm_localca/certserial

   With a PKCS11 URI it may look like this:

    statedir = /var/lib/swtpm-localca
    signingkey = pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=891b99c169e41301;token=mylabel;id=%00;object=mykey;type=public
    issuercert = /var/lib/swtpm-localca/swtpm-localca-tpmca-cert.pem
    certserial = /var/lib/swtpm-localca/certserial
    SWTPM_PKCS11_PIN = 1234

SEE ALSO

   swtpm_localca

REPORTING BUGS

   Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>

swtpm 2024-11-02 swtpm-localca.conf(5)