On Fri, 2020-03-13 at 12:31 +0100, Grant Williamson wrote:
> With this method I can create a wrapped private key and connect to our vpn.
>
> However I still need to extract the certificates to connect.

Right.

> With my original p12 (not wrapped) I can connect to our vpn gateway
> without specifying the certificates.
>
> I am wondering if there is a way to repack the tpm wrapped private key
> and certs into a new p12 file.
>
> i.e.
> create_tpm2_key -w private.pem private-key-tpm-wrapped.pem

Not into a PKCS#12 file but you can put the cert and the TPM-wrapped
key into the same PEM file.

$ cat private-key-tpm-wrapped.pem user_cart.crt > cert-and-key.pem

And perhaps append your ca_cert.crt if that is the one that issued your
user_cert and you want to include it on the wire.
_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
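
Added example, not part of the original thread or of OpenConnect: a shell helper that builds the combined PEM file described in the reply above and refuses any input holding a private key that is not TPM-wrapped. The function name `combine_tpm_pem` is hypothetical, and the accepted key labels (`TSS2 PRIVATE KEY`, `TSS2 KEY BLOB`) are an assumption about what `create_tpm2_key` writes.

```shell
# Added example: build cert-and-key.pem from a TPM-wrapped key plus certs.
# combine_tpm_pem is a hypothetical helper name, not an OpenConnect tool.
# Assumption: the wrapped key uses a "TSS2 PRIVATE KEY" or "TSS2 KEY BLOB" label.
combine_tpm_pem() {
    if [ $# -lt 3 ]; then
        echo "usage: combine_tpm_pem OUT WRAPPED_KEY USER_CERT [CA_CERT...]" >&2
        return 2
    fi
    out=$1 key=$2
    shift 2                      # remaining args: user cert, then optional CA certs

    # The key file must carry a TPM-wrapped PEM block ...
    grep -Eq '^-----BEGIN TSS2 (PRIVATE KEY|KEY BLOB)-----' "$key" || {
        echo "$key: no TPM-wrapped key block found" >&2
        return 1
    }

    # ... and no input may carry a private key outside the TPM wrapping,
    # e.g. the private.pem that was fed to create_tpm2_key -w.
    for f in "$key" "$@"; do
        if grep -Eq '^-----BEGIN ((RSA|EC|ENCRYPTED) )?PRIVATE KEY-----' "$f"; then
            echo "$f: contains a non-TPM private key, refusing" >&2
            return 1
        fi
    done

    # Every remaining input must contain at least one certificate.
    for f in "$@"; do
        grep -q '^-----BEGIN CERTIFICATE-----' "$f" || {
            echo "$f: no certificate block found" >&2
            return 1
        }
    done

    # Key first, then certs, written with owner-only permissions.
    ( umask 077; cat "$key" "$@" > "$out" )
}
```

Called as `combine_tpm_pem cert-and-key.pem private-key-tpm-wrapped.pem <user cert> [<CA cert>]`, it produces the same file as the `cat` command in the reply, with the label checks applied first.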