Beta for 2.1.1 available

Hugo Hinterberger hugo.hinterberger at
Tue Nov 25 10:50:24 CET 2014

Hi Kristian,

On Mon, 24 Nov 2014 21:40:22 +0100, Kristian Fiskerstrand  
<kristian.fiskerstrand at> wrote:

> For 2.1 you need the following in dirmngr.conf:
> hkp-cacert /path/to/sks-keyservers.netCA.pem
> instead of
> keyserver-options
> ca-cert-file="C:/Users/<username>/AppData/Roaming/gnupg/sks-keyservers.netCA.crt"

OK, so: sks-keyservers.netCA.crt is a PEM encoded (...BEGIN  
CERTIFICATE...END CERTIFICATE...) certificate and is hardlinked to  
sks-keyservers.netCA.pem . The files are located in %appdata%/gnupg/ .

In dirmngr.conf I have the following line:

In gpg.conf I have also the following line:

This means I have both options set => no change: No keyserver available.

I commented out the line in gpg.conf => still no change.

Pinging the keyserver works.

Hmm... I just tried to:
> wget --certificate=sks-keyservers.netCA.pem  
> ""

and I got:
OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
OpenSSL: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Disabling SSL due to encountered errors.

OK, using "--ca-certificate" instead of "--certificate" worked, so the  
network seems to be OK.

gpg --keyserver hkps:// --recv-key  
gpg --keyserver --recv-key  

Both fail. Using hkp, on the other hand, works.


More information about the Gnupg-users mailing list