On Wed, Sep 4, 2019 at 4:43 AM Nicolas Mora <[email protected]> wrote: > > Hello, > > I'm trying to generate a private RSA key, extract a certificate and sign > the certificate using the GnuTLS C API. > > Basically, I try to reproduce the following certtool commands using the > API only: > certtool --generate-privkey --outfile client.key --bits=4096 > certtool --generate-request --load-privkey client.key --outfile client.csr > certtool --generate-certificate --load-request client.csr > --load-ca-certificate root.crt --load-ca-privkey root.key --outfile > client.crt > > The files root.key and root.crt already exist and contain the private > key and self-signed certificate of the CA. > > I test with the code below but I got the following error message: > error gnutls_x509_crt_sign2: -43 > which is GNUTLS_E_CERTIFICATE_ERROR > > What did I do wrong with my certificate?
Most likely you have already figured the issue, but in general a way to debug such applications is by setting the GNUTLS_DEBUG_LEVEL variable to a number from 3 to 9. It will provide more output which can help figure the issue. regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
