[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[sr #108206] certtool --generate-request error handling
From: |
Daniel Black |
Subject: |
[sr #108206] certtool --generate-request error handling |
Date: |
Thu, 13 Dec 2012 06:43:37 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/25.0.1354.0 Safari/537.21 |
URL:
<http://savannah.gnu.org/support/?108206>
Summary: certtool --generate-request error handling
Project: GnuTLS
Submitted by: danblack
Submitted on: Thu 13 Dec 2012 06:43:36 AM GMT
Category: None
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: None
_______________________________________________________
Details:
I did the following two commands recently to get a certificate request of a
CA.
$ certtool --bits 2432 --generate-privkey --outfile key.pem
** Note: Please use the --sec-param instead of --bits
Generating a 2432 bit RSA private key...
$ certtool --generate-request --infile key.pem --outfile request.pem
Generating a PKCS #10 certificate request...
Generating a 2432 bit RSA private key...
....
To a not-so-often user of certtool the mistake is --infile should of been
--load-privkey. While if I'd been astute and noticed the second generation, or
read the manual this would of been obvious. As a result I got the CA to issue
a certificate without actually having the private key anywhere.
As --infile isn't valid with --generate-request can some warning show up when
a generating a certificate request without the private key being saved
anywhere?
I'm sure there's other invalid and dangerous combinations here too.
cheers.
Daniel
failed certtool user :-)
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?108206>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [sr #108206] certtool --generate-request error handling,
Daniel Black <=