...

sudo dnf update
sudo dnf install ccid opensc pcsc-tools p11-kit nss-tools python3-tkinter rpmdevtools libsss_sudo krb5-pkinit dialog openssl fedora-packager gcc vim-common openssl-pkcs11 docbook-style-xsl openldap-devel openssl-devel pam-devel pcsc-lite-devel pkgconf

Download the librtpkcs11ecp.so module and install it:

sudo rpm -i librtpkcs11ecp-2.6.1.0-1.x86_64.rpm


Installing pam_pkcs11

Download pam_pkcs11-X.Y.Z.tar.gz.

...

pkcs11-tool --module /usr/lib64/librtpkcs11ecp.so --keypairgen --key-type rsa:2048 -l --id 45

The id parameter sets the identifier of the key pair.

...

openssl_conf = openssl_init
 
[openssl_init]
engines = engine_section
 
[engine_section]
pkcs11 = pkcs11_section
 
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /path/to/engine_pkcs11.so # for example, /usr/lib64/engines-3/pkcs11.so
MODULE_PATH = /path/to/rtpkcs11ecp.so # for example, /usr/lib64/librtpkcs11ecp.so
default_algorithms = ALL
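
A wrong dynamic_path or MODULE_PATH in the configuration above makes the later openssl req call fail with an engine loading error. The following pre-flight check is an added example, not part of the original page; the function names conf_value and check_engine_conf are hypothetical.

```shell
#!/bin/sh
# Added example: verify that the two paths in engine.conf point at real files
# before running "openssl req -engine pkcs11 ...".

# conf_value FILE KEY
# Prints the value assigned to KEY, with a trailing "# comment" stripped.
# OpenSSL config files use "#" for comments; text after "//" stays in the value.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | head -n 1
}

# check_engine_conf FILE
# Returns 0 when dynamic_path and MODULE_PATH are both set and exist as files.
check_engine_conf() {
    conf=$1
    rc=0
    for key in dynamic_path MODULE_PATH; do
        val=$(conf_value "$conf" "$key")
        if [ -z "$val" ]; then
            echo "$key: not set in $conf" >&2
            rc=1
        elif [ ! -f "$val" ]; then
            echo "$key: no such file: $val" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check_engine_conf.sh /path/to/engine.conf
if [ $# -gt 0 ]; then
    check_engine_conf "$1"
fi
```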

  

...

$ OPENSSL_CONF=/path/to/engine.conf openssl req -engine pkcs11 -x509 -new -key 0:45 -keyform engine -out cert.crt -subj "/C=RU/ST=Moscow/L=Moscow/O=Aktiv/OU=dev/CN=testuser/emailAddress=testuser@mail.com"

OPENSSL_CONF=/home/user/Загрузки/engine.conf openssl req -engine pkcs11 -x509 -new -key 0:45 -keyform engine -out cert.crt -subj "/CN=test/C=RU/ST=Moscow/L=Moscow/O=Aktiv/OU=dev/emailAddress=testuser@mail.com"


Save the certificate on the token:

...