[Help-gnutls] Re: Error making certificate
devel
dev001 at pas-world.com
Thu Mar 15 22:32:09 CET 2007
Well, now it seems to work.
-> Key, csr, crt, .p12
But I cannot import client certificates in any mail client.
The .p12 imports without any problem, and so does the CA certificate, but I cannot see
the client certificate to sign mail, client certificate, and encryption
certificate to select it.
The test scripts:
To make the CA:
> certtool -p --bits 2048 > ca.key
> echo "Key ready / Llave generada"
>
> # Use --load-request or --infile ?
> certtool -s --outfile ca.crt --load-privkey ca.key
> echo "CA Generated / Peticion de certificado generada"
> certtool -i --infile ca.crt
>
>
To make client:
> PASS="gnutls"
> certtool -p > new-user.key
> #echo "Client Key Ready"
>
> # Use --load-request or --infile ?
>
> certtool -q --outfile new-user.csr --load-privkey new-user.key --password $PASS
> echo "CSR Ready"
>
> certtool -q --outfile new-user.csr --to-p12 --load-privkey new-user.key --password $PASS
>
> certtool -c --load-request new-user.csr --outfile new-user.crt --load-ca-certificate ca.crt --load-ca-privkey ca.key --load-privkey new-user.key --password $PASS
> echo "CRT Ready"
>
> certtool --load-certificate new-user.crt --load-privkey new-user.key --to-p12 --outder --outfile new-user2.p12
> echo "P12 Ready"
>
> certtool --p12-info --infile new-user.p12 --inder --password $PASS
Does anyone work with mail signing certificates in any mail client?
On Thu, 15-03-2007 at 12:18 +0100, Simon Josefsson wrote:
> devel <dev001 at pas-world.com> writes:
>
> > Where can I find 1.6.2?
>
> Try the daily build first:
>
> http://josefsson.org/daily/gnutls-1.6/gnutls-1.6-20070315.tar.gz
>
> If it works for you, I'll release it as 1.6.2.
>
> Thanks,
> Simon
>
> >
> > On Mon, 12-03-2007 at 16:52 +0100, Simon Josefsson wrote:
> >> devel <dev001 at pas-world.com> writes:
> >>
> >> > certtool (GnuTLS) 1.6.1
> >> > linux x64
> >> >
> >> >
> >> >> certtool -q --outfile new-user.csr
> >> > Certificate request data is input in a shell; certtool asks for it.
> >>
> >> Thanks! I can reproduce it. It seems pkix_asn1_tab.c wasn't
> >> re-generated after fixing the following problem in 1.6.1:
> >>
> >> ** Encode UID fields in DN's as DirectoryString. Before GnuTLS
> >> encoded and parsed UID fields as IA5String. This was incorrect, it
> >> should have used DirectoryString. Now it will use DirectoryString
> >> for the UID field, but for backwards compatibility it will also
> >> accept IA5String UID's. Reported by Max Kellermann
> >> <max at duempel.org>.
> >>
> >> I have fixed this in CVS for the 1.6.x branch:
> >>
> >> ** Regenerate the PKIX ASN.1 syntax tree. For some reason, after
> >> changing the ASN.1 type of ldap-UID in the last release, the
> >> generated C file built from the ASN.1 schema was not refreshed. This
> >> can cause problems when reading/writing UID components inside X.500
> >> Distinguished Names. Reported by devel <dev001 at pas-world.com>.
> >>
> >> Please test tomorrow's daily build and tell me if it solves the
> >> problem for you, and I can release 1.6.2.
> >>
> >> Btw, if anyone wants something in 1.6.2, now would be the time to ask
> >> for it.
> >>
> >> /Simon
> >>
> >> >
> >> >
> >> >
> >> >
> >> > On Mon, 12-03-2007 at 13:40 +0100, Simon Josefsson wrote:
> >> >> devel <dev001 at pas-world.com> writes:
> >> >>
> >> >> > Hello, I am trying to use certtool to make a certificate, like other
> >> >> > times.
> >> >> > But this time, with another version of gnutls and another arch, my script
> >> >> > does not work. Here is the problem:
> >> >> >
> >> >> >
> >> >> >> certtool -p > new-user.key
> >> >> >
> >> >> > Works
> >> >> >> certtool -q --outfile new-user.csr --load-privkey new-user.key --password $PASS
> >> >> >
> >> >> > Fails; response of the system after inputting the parameters:
> >> >> >
> >> >> >> set_dn: ASN1 parser: Element was not found.
> >> >> >
> >> >> > Any suggestion?
> >> >>
> >> >> Can you send me the CSR that triggers the problem? Which version of
> >> >> GnuTLS are you using, and which version of GnuTLS worked before for
> >> >> you?
> >> >>
> >> >> It sounds as if the CSR doesn't contain some field which certtool needs
> >> >> to have.
> >> >>
> >> >> /Simon
> >> > --
> >> > --
> >> > Devel in Precio http://www.pas-world.com
> > --
> > --
> > Devel in Precio http://www.pas-world.com
--
--
Devel in Precio http://www.pas-world.com
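
The UID encoding change quoted in this thread (UID now written as DirectoryString, with IA5String still accepted for backwards compatibility) can be illustrated with a small DER parser. This is an added example, not part of the original messages and not GnuTLS code; the function names and the sample value "devel" are constructed for illustration.

```python
# Added example: constructed DER inputs, not GnuTLS code.
UID_OID = bytes.fromhex("0992268993f22c640101")  # 0.9.2342.19200300.100.1.1

# X.520 DirectoryString CHOICE: universal tag -> Python codec.
# latin-1 for TeletexString (0x14) is an approximation of T.61.
DIRECTORY_STRING = {0x0C: "utf-8", 0x13: "ascii", 0x14: "latin-1",
                    0x1C: "utf-32-be", 0x1E: "utf-16-be"}
IA5STRING = 0x16  # legacy UID encoding, still accepted when parsing


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one short- or long-form DER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def parse_uid(atv_der):
    """Decode a UID AttributeTypeAndValue; return (text, encoding_name)."""
    tag, body, _ = read_tlv(atv_der)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06 or oid != UID_OID:
        raise ValueError("not a UID attribute")
    tag, value, end = read_tlv(body, pos)
    if end != len(body):
        raise ValueError("trailing data")
    if tag in DIRECTORY_STRING:
        return value.decode(DIRECTORY_STRING[tag]), "DirectoryString"
    if tag == IA5STRING:
        return value.decode("ascii"), "IA5String (legacy)"
    raise ValueError(f"unsupported string tag 0x{tag:02x}")


def make_uid(text, tag=0x0C):
    """Build a UID AttributeTypeAndValue (short-form lengths only)."""
    value = text.encode(DIRECTORY_STRING.get(tag, "ascii"))
    body = b"\x06" + bytes([len(UID_OID)]) + UID_OID + bytes([tag, len(value)]) + value
    return b"\x30" + bytes([len(body)]) + body
```

A parser that knows only one of the two string types rejects UIDs written by the other generation of tools, which is the class of failure a stale generated syntax table produces.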