Dear GnuTLS mailing list, I have posted this to ubuntu.stackexchange.com already but have a feeling this mailing list might know a bit more. Alternative solutions welcome although I'm deliberately trying to avoid OpenSSL, which I'm pretty sure is capable of handling this.
I'm struggling with certtool from the gnutls package on Ubuntu server 12.04.3. I'm trying to follow this guide ( https://help.ubuntu.com/community/GnuTLS) but with an encrypted key. I've created my encrypted private key like so. # certtool \ > --generate-privkey \ > --pkcs8 \ > --sec-param low \ > --pkcs-cipher aes-256 \ > --outfile ca_key.pkcs8 Generating a 1248 bit RSA private key... Enter password: Confirm password: Now I would like to create a self signed certificate using this key with the following command. Instead of prompting me for the password for the private key though, I get the following error. # certtool \ > --generate-self-signed \ > --load-privkey ca_key.pkcs8 \ > --pkcs8 \ > --pkcs-cipher aes-256 \ > --template ca_template Generating a self signed certificate... Segmentation fault (core dumped) If I attempt this with the same template and an unencrypted private key it works. Or if I use the encrypted key without a template, it also works. # certtool --generate-privkey --sec-param low --outfile ca_key Generating a 1248 bit RSA private key... # certtool --generate-self-signed --load-privkey ca_key --template ca_template Generating a self signed certificate... X.509 Certificate Information: Version: 3 ... # certtool --generate-self-signed --load-privkey ca_key.pkcs8 --pkcs8 --pkcs-cipher aes-256 Generating a self signed certificate... Enter password: Please enter the details of the certificate's distinguished name. Just press enter to ignore a field. Country name (2 chars): GB ... Is there a way to make certtool accept both a template file and an encrypted private key? Or do I need to script the decryption of the private key to a temporary key file to pass to certtool? Thanks and regards, Samuel H.
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
