[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] certtool and win2k

From: Andrew Suffield
Subject: [Help-gnutls] certtool and win2k
Date: Mon, 25 Apr 2005 19:24:49 +0100
User-agent: Mutt/1.5.9i

Has anybody managed to get certtool/gnutls-generated keys to work with
win2k? I started out with a weird problem, and eventually tracked it
down to something that makes no sense to me at all:

An RSA private key generated with certtool cannot be handled by win2k.

And yes, I do mean *private key*, not certificate. This doesn't work:

certtool -p --outfile key.pem
certtool -s --load-privkey key.pem --outfile cert.pem
certtool --load-privkey key.pem --load-certificate cert.pem --to-p12 --outder 
--outfile cert.p12

This does:

openssl genrsa -out key.pem 1024
certtool -s --load-privkey key.pem --outfile cert.pem
certtool --load-privkey key.pem --load-certificate cert.pem --to-p12 --outder 
--outfile cert.p12

Trying to import a key generated with certtool gives an error about
the algorithm not being supported; if the key is generated by openssl,
it works just fine. I can't see any appreciable difference in the keys
generated, and they all work fine with both openssl and gnutls. I
haven't tried it with winxp; it behaves the same way on several win2k
boxes, so if the problem is on that end, there's a need for a
compatibility feature.

So, um, WTF?

[Note that win2k does not handle RSA keys at all until the high
encryption pack is installed]

  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' : |
 `. `'                          |
   `-             -><-          |

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]