Trouble with gpgsm
Malte Gell
malte.gell at gmx.de
Mon Mar 27 19:52:26 CEST 2006
On Friday 24 March 2006 15:43, gnupg-users at emailgoeshere.com wrote:
Hi,
> I
> cannot seem to import the server certificate that it signed. I
> continually get the following message:
>
> 5 - 2006-03-23 16:58:30 gpgsm[27069]: self-signed certificate has a
> BAD signature: Bad signature
> 5 - 2006-03-23 16:58:30 gpgsm[27069]: basic certificate checks
> failed - not imported
>
> OpenSSL will verify the certificate:
>
> jeff at scales ~ $ openssl verify -CAfile /etc/ssl/certs/My_CA.pem
> ./server.crt server.crt: OK
It is My_CA.pem that you can´t import into the GnuPG system, right? What
happens if you try the following:
openssl pkcs12 -in My_CA.pem -export -out My_CA.p12 -nocerts -nodes
This should result in My_CA.p12 and next
gpgsm --call-protect-tool --p12-import --store My_CA.p12
Does this work? Does gpgsm --list-secret-keys list it now? _If_ this
worked you can grab the public part from My_CA.pem with an editor,
since it is a text file. I took this from a mini-howto that describes
how to use GnuPG with X.509 certificates that some email providers
offer.
hth
Malte
More information about the Gnupg-users
mailing list