Hi all, and first, excuse me for being a total beginner with gnutls. I'm trying to create certificates with the TPM and connect to a server. I use a BeagleBoard-xM, TPM 1.2 with a Debian, 3.7 Kernel and gnutls-3.1.1. I've created the following keys and certificates (pubkey, ca-cert, ca-key, cert):

$ tpmtool --generate-rsa --bits 2048 --register --user
tpmkey:uuid=9f59a38c-771a-41b8-86c9-c4f3095c6859;storage=user

$ tpmtool --pubkey "tpmkey:uuid=9f59a38c-771a-41b8-86c9-c4f3095c6859;storage=user" --outfile=pubkey.pem

$ certtool --generate-privkey --load-privkey "tpmkey:uuid=9f59a38c-771a-41b8-86c9-c4f3095c6859;storage=user" --outfile ca-key.pem

$ certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca-cert.pem

$ certtool --generate-certificate --outfile cert.pem --load-privkey "tpmkey:uuid=9f59a38c-771a-41b8-86c9-c4f3095c6859;storage=user" --load-pubkey pubkey.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem

For a first test I created a server on the BeagleBoard and connected with the client to localhost, and got the following client error:

Server:

$ gnutls-serv --x509cafile /etc/ssl/certs/ca-cert.pem --x509keyfile /etc/ssl/certs/ca-key.pem -p 443
Set static Diffie-Hellman parameters, consider --dhparams.
Processed 1 CA certificate(s).
HTTP Server listening on IPv4 0.0.0.0 port 443...done
HTTP Server listening on IPv6 :: port 443...done

Client:

$ gnutls-cli --x509keyfile " tpmkey:uuid=9f59a38c-771a-41b8-86c9-c4f3095c6859;storage=user " --x509certfile /etc/ssl/certs/cert.pem -p 443 localhost
Processed 141 CA certificate(s).
Token 'SRK' with URL 'TPM' requires user PIN
Enter PIN:
Processed 1 client X.509 certificates...
Resolving 'localhost'...
Connecting to '127.0.0.1:443'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed
No certificates found!
*** Handshake has failed
GnuTLS error: A TLS fatal alert has been received.

I don't know where my mistakes are. Thanks for your time, and moreover for those great tools.

Florian
