-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | ca.cnf | 4 |
2 files changed, 6 insertions, 1 deletions
@@ -3,6 +3,7 @@ ca.crl: crlnumber index.txt openssl ca \ -verbose \ + -engine pkcs11 -keyform engine \ -config ca.cnf \ -gencrl \ -out ca.crl @@ -10,6 +11,7 @@ ca.crl: crlnumber index.txt revoke: openssl ca \ -verbose \ + -engine pkcs11 -keyform engine \ -config ca.cnf \ -revoke sub.crt @@ -18,6 +20,7 @@ sub.crt: sub.csr touch index.txt openssl ca \ -verbose \ + -engine pkcs11 -keyform engine \ -config ca.cnf \ -extensions extensions_sub \ -notext \ @@ -12,7 +12,9 @@ database = $dir/index.txt serial = $dir/serial RANDFILE = $dir/.rand -private_key = $dir/ca.key +#private_key = $dir/ca.key +# https://support.nitrokey.com/t/pki-ca-nitrokey-hsm-does-not-support-signing/2598/6 +private_key = pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=a8465bfa9b8f461e;token=Yuuta%20Root%20CA;id=%02;object=SIGN%20key;type=private certificate = $dir/ca.crt # CRL |
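Review bot: The `-engine pkcs11 -keyform engine` pair is pasted into three recipes (ca.crl in this hunk, and revoke and sub.crt in the next two), so a later change of key backend has to be made in three places. A recipe that is missed would presumably fail to load the `pkcs11:` URI that ca.cnf now sets as `private_key`. Define the pair once near the top, e.g. `OPENSSL_KEYOPTS := -engine pkcs11 -keyform engine`, and put `$(OPENSSL_KEYOPTS) \` in each `openssl ca` call. A comment next to that variable should say the recipes now need the PKCS#11 engine installed and the token plugged in; the ENGINE interface is deprecated since OpenSSL 3.0, so that dependency is worth recording. No `-passin` is added, so the token PIN stays an interactive prompt and out of the repository, which should remain the case. The sub.crt recipe continues past the end of its hunk.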
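Review bot: The new `private_key` line in ca.cnf is explained only by a bare forum URL, and the old file path is left behind as a commented-out line, so a reader cannot tell from the config why the key moved or what it depends on. Replace both with a comment such as `# CA key is held on a PKCS#11 token; needs -engine pkcs11 -keyform engine (see Makefile)` and drop `#private_key = $dir/ca.key`. The URI pins one token by `serial=` and `token=`, so a replacement or backup device will require editing this line; say that in the comment too. The linked thread is about a Nitrokey HSM while the URI names `manufacturer=piv_II`, so it may help to state which device this actually targets. If `$dir/ca.key` still exists on disk and holds the same key, the token adds no protection until that file is removed; the commit does not show either way.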