Trouble with gpgsm

Malte Gell malte.gell at
Mon Mar 27 19:52:26 CEST 2006

On Friday 24 March 2006 15:43, gnupg-users at wrote:


>  I
> cannot seem to import the server certificate that it signed.  I
> continually get the following message:
>   5 - 2006-03-23 16:58:30 gpgsm[27069]: self-signed certificate has a
> BAD signature: Bad signature
>   5 - 2006-03-23 16:58:30 gpgsm[27069]: basic certificate checks
> failed - not imported
> OpenSSL will verify the certificate:
> jeff at scales ~ $ openssl verify -CAfile /etc/ssl/certs/My_CA.pem
> ./server.crt server.crt: OK

It is My_CA.pem that you can´t import into the GnuPG system, right? What 
happens if you try the following:

openssl pkcs12 -in My_CA.pem -export -out My_CA.p12 -nocerts -nodes

This should result in My_CA.p12 and next

gpgsm --call-protect-tool --p12-import --store My_CA.p12

Does this work? Does gpgsm --list-secret-keys list it now? _If_ this 
worked you can grab the public part from My_CA.pem with an editor, 
since it is a text file. I took this from a mini-howto that describes 
how to use GnuPG with X.509 certificates that some email providers 


More information about the Gnupg-users mailing list