[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] certtool and win2k
From: |
Andrew Suffield |
Subject: |
[Help-gnutls] certtool and win2k |
Date: |
Mon, 25 Apr 2005 19:24:49 +0100 |
User-agent: |
Mutt/1.5.9i |
Has anybody managed to get certtool/gnutls-generated keys to work with
win2k? I started out with a weird problem, and eventually tracked it
down to something that makes no sense to me at all:
An RSA private key generated with certtool cannot be handled by win2k.
And yes, I do mean *private key*, not certificate. This doesn't work:
certtool -p --outfile key.pem
certtool -s --load-privkey key.pem --outfile cert.pem
certtool --load-privkey key.pem --load-certificate cert.pem --to-p12 --outder
--outfile cert.p12
This does:
openssl genrsa -out key.pem 1024
certtool -s --load-privkey key.pem --outfile cert.pem
certtool --load-privkey key.pem --load-certificate cert.pem --to-p12 --outder
--outfile cert.p12
Trying to import a key generated with certtool gives an error about
the algorithm not being supported; if the key is generated by openssl,
it works just fine. I can't see any appreciable difference in the keys
generated, and they all work fine with both openssl and gnutls. I
haven't tried it with winxp; it behaves the same way on several win2k
boxes, so if the problem is on that end, there's a need for a
compatibility feature.
So, um, WTF?
[Note that win2k does not handle RSA keys at all until the high
encryption pack is installed]
--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -><- |
signature.asc
Description: Digital signature
- [Help-gnutls] certtool and win2k,
Andrew Suffield <=