[Help-gnutls] Re: Creating self-signed certificates using the GnuTLS API

From: Simon Josefsson
Subject: [Help-gnutls] Re: Creating self-signed certificates using the GnuTLS API
Date: Wed, 20 Jun 2007 14:09:03 +0200
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.0.95 (gnu/linux)

Alex Hudson <address@hidden> writes:
> Hey.
>
> I'm having trouble creating a self-signed certificate.
>
> I've created the private key fine, and then attempt to do something
> like:
>
> gnutls_x509_crt_init(&certificate);
> gnutls_x509_crt_set_activation_time(certificate, time(NULL));
> gnutls_x509_crt_set_expiration_time(certificate, time(NULL) + (700 * 24
> * 60 * 60));
> gnutls_x509_crt_set_key(certificate, key);
> gnutls_x509_crt_set_version(certificate, 1);
> gnutls_x509_crt_set_serial(certificate, &cert_version, sizeof(int));
>
> ... but with more error-checking. I then use
> gnutls_x509_crt_set_dn_by_oid() to set some more data on the
> certificate, and gnutls_x509_crt_set_key_usage(), but when I come to use
> gnutls_x509_crt_export() I get:
>
> ASN1 parser: Value was not found.

That error is typically returned when some non-optional fields in the
certificate have not yet been set.

> It seems I'm doing something pretty basically wrong. I've tried
> following what certtool does, but to be honest I got lost :D
>
> Am I doing something clearly wrong? Are there any plain examples I could
> look at?

Did you sign the certificate using gnutls_x509_crt_sign2 or similar?
The signature field is not optional in a certificate.

Generally, I think certtool.c is the best example available, even though
it is a rather large program. But, if my hint helps, please consider
submitting a stripped-down example program to create a self-signed
certificate so that others may learn from it.

/Simon