[sr #108206] certtool --generate-request error handling

From: Daniel Black
Subject: [sr #108206] certtool --generate-request error handling
Date: Thu, 13 Dec 2012 06:43:37 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/25.0.1354.0 Safari/537.21


                 Summary: certtool --generate-request error handling
                 Project: GnuTLS
            Submitted by: danblack
            Submitted on: Thu 13 Dec 2012 06:43:36 AM GMT
                Category: None
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: None



I did the following two commands recently to get a certificate request of a

$ certtool --bits 2432 --generate-privkey --outfile key.pem
** Note: Please use the --sec-param instead of --bits
Generating a 2432 bit RSA private key...

$ certtool --generate-request --infile key.pem  --outfile request.pem
Generating a PKCS #10 certificate request...
Generating a 2432 bit RSA private key...

To a not-so-often user of certtool the mistake is --infile should have been
--load-privkey. While if I'd been astute and noticed the second generation, or
read the manual, this would have been obvious. As a result I got the CA to issue
a certificate without actually having the private key anywhere.

As --infile isn't valid with --generate-request, can some warning show up when
generating a certificate request without the private key being saved?

I'm sure there are other invalid and dangerous combinations here too.


failed certtool user :-)
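
A check for the failure described in this report, as an added example (not part of the original message or of GnuTLS): before sending a request to a CA, compare the public key inside it with the one derived from the private key on disk. It assumes a certtool whose --pubkey-info accepts --load-privkey and --load-request and prints a PEM public key block; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that a PKCS #10 request carries the public key of
# the private key you actually hold. Function names are hypothetical.

# Keep only the PEM public key block from certtool --pubkey-info output
# (assumption: the output contains a "BEGIN PUBLIC KEY" block).
pem_pubkey() {
    sed -n '/-----BEGIN PUBLIC KEY-----/,/-----END PUBLIC KEY-----/p'
}

# same_pubkey TEXT1 TEXT2
# Returns 0 only if both texts contain the same, non-empty public key block.
# Surrounding human-readable text is ignored.
same_pubkey() {
    a=$(printf '%s\n' "$1" | pem_pubkey)
    b=$(printf '%s\n' "$2" | pem_pubkey)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# check_request KEYFILE REQUESTFILE
# Returns 0 = request matches key, 1 = mismatch, 2 = usage or tool error.
check_request() {
    [ $# -eq 2 ] && [ -r "$1" ] && [ -r "$2" ] || return 2
    command -v certtool >/dev/null 2>&1 || return 2
    from_key=$(certtool --pubkey-info --load-privkey "$1" 2>/dev/null) || return 2
    from_req=$(certtool --pubkey-info --load-request "$2" 2>/dev/null) || return 2
    same_pubkey "$from_key" "$from_req"
}
```

Run `check_request key.pem request.pem` after generating the request; for the session above it would return 1, because the request was built from a key generated on the fly and never saved.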

