The file /etc/swtpm-localca.conf contains configuration variables for the swtpm_localca program.
Entries may contain environment variables that will be resolved. All environment variables must be
formatted like this: '${varname}'.
Users may write their own configuration to ${XDG_CONFIG_HOME}/swtpm-localca.conf or, if XDG_CONFIG_HOME
is not set, to ${HOME}/.config/swtpm-localca.conf.
The following configuration variables are supported:
statedir
The name of the directory in which to store data. A lock will be created in this directory.
signingkey
The file containing the key used for signing the certificates. Provide a key in PEM format or a
pkcs11 URI.
signingkey_password
The password to use for the signing key.
issuercert
The file containing the certificate for this CA. Provide a certificate in PEM format.
certserial
The name of the file containing the serial number for the next certificate.
TSS_TCSD_HOSTNAME
This variable can be set to the host on which tcsd is running, in case the signing key is a GnuTLS TPM
1.2 key. By default localhost will be used.
TSS_TCSD_PORT
This variable can be set to the port on which tcsd is listening for connections. By default port
30003 will be used.
env:<environmentvariablename>=<value>
Environment variables that are needed by pkcs11 modules can be set using this format. An example
for such an environment variable may look like this:
env:MY_MODULE_PKCS11_CONFIG = /tmp/mymodule-pkcs11.conf
The line must not contain any trailing spaces.
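
The following check is an added example, not part of swtpm or of this page: it parses a configuration in the format described above, resolves '${varname}' references, and flags a signing key file or a password-bearing configuration file that is accessible to group or others. The 'name = value' line syntax is inferred from the env: example, and '#' comments, the 0o077 permission policy and the names parse_conf and audit are assumptions of this example.

```python
import os
import re
import stat

# Variables documented on this page; "env:" entries are checked separately.
KNOWN_KEYS = {"statedir", "signingkey", "signingkey_password", "issuercert",
              "certserial", "TSS_TCSD_HOSTNAME", "TSS_TCSD_PORT"}
VAR_RE = re.compile(r"\$\{(\w+)\}")  # the '${varname}' form
# Constructed sample, not a shipped default; paths and password are placeholders.
SAMPLE = """\
signingkey = ${HOME}/.config/swtpm-localca/signkey.pem
signingkey_password = example-only
env:MY_MODULE_PKCS11_CONFIG = /tmp/mymodule-pkcs11.conf
"""

def parse_conf(text, environ=os.environ):
    """Parse 'name = value' lines (assumed syntax) and resolve ${varname}."""
    conf, findings = {}, []
    for num, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):  # '#' comments assumed
            continue
        name, sep, value = (part.strip() for part in raw.partition("="))
        if not sep:
            findings.append(f"line {num}: not a 'name = value' entry")
            continue
        if name.startswith("env:") and raw != raw.rstrip():
            findings.append(f"line {num}: trailing space on env: entry")
        elif not name.startswith("env:") and name not in KNOWN_KEYS:
            findings.append(f"line {num}: unknown variable {name!r}")
        unset = [v for v in VAR_RE.findall(value) if v not in environ]
        findings += [f"line {num}: ${{{v}}} is not set" for v in unset]
        conf[name] = VAR_RE.sub(lambda m: environ.get(m.group(1), ""), value)
    return conf, findings

def audit(conf_path, conf, mask=0o077):
    """Flag permissions that expose the CA signing key or its password."""
    def loose(path):
        return os.path.isfile(path) and bool(stat.S_IMODE(os.stat(path).st_mode) & mask)
    findings = []
    if "signingkey_password" in conf and loose(conf_path):
        findings.append("config stores signingkey_password and is group/other accessible")
    key = conf.get("signingkey", "")
    if not key.startswith("pkcs11:") and loose(key):
        findings.append(f"signing key file {key} is group/other accessible")
    return findings

if __name__ == "__main__":
    conf, problems = parse_conf(SAMPLE)
    print(problems + audit("/etc/swtpm-localca.conf", conf))
```

An unset variable is reported and resolved to an empty string here so that the resulting path is visible in the findings; how swtpm_localca itself treats an unset variable is not stated on this page.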