author | Trumeet <yuuta@yuuta.moe> | 2023-06-23 14:49:51 -0700 |
committer | Trumeet <yuuta@yuuta.moe> | 2023-06-23 14:49:51 -0700 |
commit | 35deca68d108a51054780943c20e2d597ffbc17d (patch) | |
tree | ecd7cdf8346a0e9a71591c1ab523e159d00a307d | |
parent | 3a778dc82e54605326cdf26a29b57e4c496603f3 (diff) | |
Use HSM
-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | ca.cnf | 4 |
2 files changed, 6 insertions, 1 deletions
@@ -3,6 +3,7 @@
 ca.crl: crlnumber index.txt
 openssl ca \
 -verbose \
+ -engine pkcs11 -keyform engine \
 -config ca.cnf \
 -gencrl \
 -out ca.crl
@@ -10,6 +11,7 @@ ca.crl: crlnumber index.txt
 revoke:
 openssl ca \
 -verbose \
+ -engine pkcs11 -keyform engine \
 -config ca.cnf \
 -revoke sub.crt
@@ -18,6 +20,7 @@ sub.crt: sub.csr
 touch index.txt
 openssl ca \
 -verbose \
+ -engine pkcs11 -keyform engine \
 -config ca.cnf \
 -extensions extensions_sub \
 -notext \
@@ -12,7 +12,9 @@
 database = $dir/index.txt
 serial = $dir/serial
 RANDFILE = $dir/.rand
-private_key = $dir/ca.key
+#private_key = $dir/ca.key
+# https://support.nitrokey.com/t/pki-ca-nitrokey-hsm-does-not-support-signing/2598/6
+private_key = pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=a8465bfa9b8f461e;token=Yuuta%20Root%20CA;id=%02;object=SIGN%20key;type=private
 certificate = $dir/ca.crt
 # CRL |
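Review bot: The same `-engine pkcs11 -keyform engine` pair is pasted into three recipes (this hunk and the two that follow at `revoke:` and `sub.crt:`), so any later change to how the CA key is loaded has to be repeated three times and one recipe can silently drift from the others; declaring it once as `CA_KEY_OPTS = -engine pkcs11 -keyform engine` near the top of the Makefile and writing `$(CA_KEY_OPTS) \` in each recipe keeps them in step. Nothing in these hunks shows where the pkcs11 engine is told which PKCS#11 module to load (that normally lives in an engine section of the OpenSSL configuration, e.g. a `MODULE_PATH` entry), so a short comment above the first recipe naming where that is configured would help whoever runs `make` on another machine. The engine interface is deprecated since OpenSSL 3.0 in favour of providers, so it is worth recording in a comment which OpenSSL version these recipes were verified against. The `sub.crt: sub.csr` rule header of the third hunk lies outside the hunk.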
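Review bot: The file-backed key is only commented out (`#private_key = $dir/ca.key`), not retired: if `ca.key` still exists under `$dir`, moving signing to the HSM gains little while that readable copy remains, so the migration should also cover destroying the on-disk key (or moving it to offline storage) and should say so in a comment next to the new `private_key` line. The `pkcs11:` URI pins `serial=`, `token=`, `id=` and `object=`, which is the right way to avoid selecting a different token or key, and it carries no `pin-value` attribute, so the PIN stays interactive; that is the property to preserve in this versioned file. The Nitrokey forum link only explains the choice while it stays online, so a one-line comment in the file itself, e.g. `# Signing key lives on the HSM and is reached through the pkcs11 engine (see Makefile)`, would be more durable.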