<?xml version="1.0" ?>
<!-- PKI service configurations -->
<pki:tokenConfig xmlns:pki="http://www.openca.org/openca/pki/1/0/0">
  <!-- Token Name -->
  <pki:name>Test</pki:name>
  <!-- Token Type (software, hardware) -->
  <pki:type>engine</pki:type>
  <!-- HSM specification for server token -->
  <pki:hsm>etoken-engine</pki:hsm>
  <!-- Private key identifier (URI - file:// id:// etc.. ) -->
  <!-- <pki:key>id://id_9E9E7351-35ED-401a-8F70-28F6690660B0:0</pki:key> -->
  <pki:keypair>id://label_openca</pki:keypair>
  <!-- Certificate identifier (URI) -->
  <!-- <pki:cert>pkcs11:///usr/local/lib/libetpkcs11.so/(slotid="0")(label="openca")?certificate</pki:cert> -->
  <pki:cert>pkcs11:///usr/lib/libeTPkcs11.so/(slotid="0")(label="openca")?certificate</pki:cert>
  <!-- CA Certificate -->
  <pki:cacert>file://$HOME/.pki/cacert.pem</pki:cacert>
  <!-- Where the Password should be read from -->
  <pki:passin>stdin</pki:passin>
  <!-- ... or simply specify the password here -->
  <!-- <pki:password></pki:password> -->
  <!-- Certificates -->
  <pki:otherCerts>file:://$HOME/.pki/certs.pem</pki:otherCerts>
  <pki:trustedCerts>file:://$HOME/.pki/certs.pem</pki:trustedCerts>
</pki:tokenConfig>