Certificate signing with an ePass2003

I have a fairly creative ssl setup on my webserver: I run my own ‘certificate authority’ which signs the server certificate; I have a bunch of alternative names specified; The CA certificate sits on an ePass 2003 PKI token. I’m writing down how I sign certificates in this context so I can use this to look up the procedure instead of spending hours in DuckDuckGo. This is more of a tutorial than elegant prose.

OpenSC, Gentoo & Feitian ePass 2003

While playing with my ePass2003 on my Gentoo installation today, I had some trouble getting it to work. As it turned out, you need the following use flags enabled: # /etc/portage/package.use dev-libs/opensc pcsc-lite secure-messaging Hope this helps someone.