alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Add note about PKCS#11

Browse source
This commit is contained in:
Carl Tashian 2021-02-01 11:56:24 -08:00
parent 9fd0964e1c
commit 73fc350b84
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
systemd/step-ca.service
View file

@ -30,7 +30,8 @@ SecureBits=keep-caps
NoNewPrivileges=yes
; Sandboxing
; This works with YubiKey PIV (via pcscd), and presumably with YubiHSM2 via http connector
; This sandboxing works with YubiKey PIV (via pcscd HTTP API), but it is likely
; too restrictive for PKCS#11 HSMs.
ProtectSystem=full
ProtectHome=true
RestrictNamespaces=true