openssl: Define private key / keyform / engine in configuration file
I've successfully set up my openssl environment to use a YubiKey for a CA certificate.
I can sign CSRs with the following command:
openssl ca -engine pkcs11 -keyfile "pkcs11:manufacturer=piv_II;id=%02" -keyform e -infiles pki/reqs/test.req
Now it would be great to get rid of the following part of the command line:
-engine pkcs11 -keyfile "pkcs11:manufacturer=piv_II;id=%02" -keyform e
Is it possible to configure OpenSSL via a configuration file to use this engine/key by default for CA signing operations? What does the configuration for that look like?
openssl pkcs11
asked Jul 11 at 6:44
Matthias Lohr