On Wed, 2011-11-30 at 16:31 +0000, Tony Beets wrote:
> I was wondering if someone has some documentation / pointers on how to
> setup openconnect with certificates stores on the TPM chip.

You want the openssl_tpm_engine:
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/openssl_tpm_engine;a=log;h=HEAD

See its README file:
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/openssl_tpm_engine;a=blob;f=README;h=b0a18bd7387aef5283214116ed20ef715e32d64c;hb=HEAD

It comes with tools which create a key and/or load a key into the TPM.
I've used it in a mode where the key isn't actually stored in the TPM;
it's stored in an encrypted form and the TPM decrypts it. You end up
with a .pem file starting '-----BEGIN TSS KEY BLOB-----' which
openconnect should automatically recognise and use the TPM engine for
(assuming the TPM engine is installed correctly so that OpenSSL can find
it).

--
dwmw2
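Added example, not part of the original email and not code from openconnect or openssl_tpm_engine: a shell preflight that classifies a key file by the PEM header the reply describes and checks that OpenSSL can load the engine. The engine id `tpm`, the use of `openssl engine` as the load check, and all function names are assumptions.

```shell
#!/bin/sh
# Preflight for a TPM-wrapped client key (added example; helper names are hypothetical).

# Print the label of the first PEM "-----BEGIN <label>-----" line in the file.
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Classify the key file:
#   tpm      - TSS key blob (wrapped key, usable only through the TPM)
#   software - ordinary PEM private key held on disk
#   unknown  - no recognised key header
key_kind() {
    case "$(pem_label "$1")" in
        "TSS KEY BLOB") echo tpm ;;
        *"PRIVATE KEY") echo software ;;
        *)              echo unknown ;;
    esac
}

# Succeeds only if OpenSSL can locate and load the engine.
# Assumption: the engine registers under the id "tpm".
tpm_engine_available() {
    command -v openssl >/dev/null 2>&1 && openssl engine tpm >/dev/null 2>&1
}

# Exit codes: 0 ok, 1 engine missing, 2 key is not TPM-wrapped, 3 unrecognised file.
preflight() {
    case "$(key_kind "$1")" in
        tpm)
            if tpm_engine_available; then
                echo "ok: TSS key blob and TPM engine is loadable"
            else
                echo "fail: TSS key blob, but OpenSSL cannot load engine 'tpm'"
                return 1
            fi ;;
        software)
            echo "warn: ordinary private key on disk, not TPM-wrapped"
            return 2 ;;
        *)
            echo "fail: no recognised PEM key header"
            return 3 ;;
    esac
}

# Run the check when a key file is given on the command line.
[ "$#" -eq 0 ] || preflight "$1"
```

A result of 2 is the case worth alerting on in a deployment that expects TPM-bound keys: the file is a normal private key that can be copied off the machine.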