<?xml version="1.0" ?> <!-- PKI service configurations --> <pki:tokenConfig xmlns:pki="http://www.openca.org/openca/pki/1/0/0"> <!-- Token Name --> <pki:name>eToken-Engine</pki:name> <!-- Token Type (software, hardware) --> <pki:type>engine</pki:type> <!-- HSM specification for server token --> <pki:hsm>etoken-engine</pki:hsm> <!-- Private key identifier (URI - file:// id:// etc.. ) --> <!-- <pki:key>id://id_9E9E7351-35ED-401a-8F70-28F6690660B0:0</pki:key> --> <pki:keyPair>id://label_eTCAPI private key</pki:keyPair> <!-- Certificate identifier (URI) --> <pki:cert>pkcs11:///usr/local/lib/libetpkcs11.so/(slotid="0")(label="(eTCAPI) Massimiliano Pala's Dartmouth College ID")?certificate</pki:cert> <!-- CA Certificate --> <pki:cacert>file://$HOME/.libpki/cacert.pem</pki:cacert> <!-- Where the Password should be read from --> <pki:passin>stdin</pki:passin> <!-- ... or simply specify the password here --> <!-- <pki:passwd></pki:passwd> --> <!-- Certificates --> <pki:otherCerts>file:://$HOME/.libpki/certs.pem</pki:otherCerts> <pki:trustedCerts>file:://$HOME/.libpki/certs.pem</pki:trustedCerts> <!-- Or you can specify a .p12 file where all the data are loaded from --> <!-- <pki:p12>file://$HOME/.libpki/pmi.p12</pki:p12> --> </pki:tokenConfig>