TLS server key and certificate generation

jawad.ssuet jawad.ssuet at gmail.com
Thu Sep 24 17:27:36 CEST 2009 

Thanks,

Actually for OpenXCAP to work I have to generate one server.crt and
server.key by using gnutls (as this is only one post on OpenXCAP forum) and
put them under my openxcap/tls folder, so that would my server certification
and key. By the time I emailed I was unable to find method to do this by
gnutls so did this by openssl but I struggled to load the cert/key with
openssl.

On OpenXCAP website this is the only information about certificates.

"" When using TLS you must generate an X.509 certificate and a key. Consult
Internet resources for how to do this. The procedure is the same as for any
other TLS server like Apache web server.  ""

I generate a certificate and private key for OpenXCAP server by using
openssl as follows.

- openssl genrsa -des3 out server.key 1024
- openssl req -new -key server.key -out server.csr
- openssl x509 -req -days 365 -in server.csr -signkey server.key -out
server.crt


So in short I have to generate one server certificate and private key using
gnutls and I will follow procedures on the provided links by you and will
report if that work. I have installed gnutls but havent seen certtool
command ?.


Regards,
Jawad Hussain

On Wed, Sep 23, 2009 at 10:43 PM, Simon Josefsson <simon at josefsson.org>wrote:

> Jawad hussain <jawad.ssuet at gmail.com> writes:
>
> > Hi,
> >
> > I am trying to setting up a OpenXcap server and doing so I encounter
> > following error. So can someone suggest how to generate TLS server
> > certificate and key for OpenXcap server.
> >
> > Sep 23 16:13:55 jawad-desktop openxcap[2710]: fatal error: the TLS
> > certificates or the private key could not be loaded
>
> There is not much information to go on here, can you provide more
> information on what commands you invoke and the files you use as input?
> I'm not familiar with OpenXcap though, so you may find better answers on
> a OpenXcap forum.
>
> Generating keys and certificates is covered in the GnuTLS manual:
>
> http://www.gnu.org/software/gnutls/manual/html_node/Invoking-certtool.html
>
> I blogged about how to create CACert keys/certs some time ago:
>
> http://blog.josefsson.org/2009/04/16/cacert-and-gnutls/
>
> /Simon
>



-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090924/1a92937d/attachment.htm>

More information about the Gnutls-help mailing list