[Help-gnutls] generating certificates

Pete Naylor pete at geckoworks.com
Fri Oct 17 19:00:03 CEST 2003


Nikos Mavroyanopoulos wrote...

> On Thu, Oct 16, 2003 at 02:59:55PM -0700, Pete Naylor wrote:
> 
> > > You cannot generate or sign certificates using gnutls. You should
> > > use the openssl tools for that.
> > Is that expected to change?  For v1.0 perhaps?  I don't want to install
> > OpenSSL on my systems - that's why I built GnuTLS.
> No, this is not expected to change for gnutls v1.0. However, new
> versions of gnupg will have this capability.
> In any case you don't have to install openssl in all your systems.
> You could generate them in a simple system.

I don't want to install OpenSSL on any of my systems - I don't trust it
at all, and in fact I cannot install it since I don't have Perl and
OpenSSL will not build without it (a C library requiring Perl to build
is quite pathetic).  For the moment, I will use the Roxen web server to
generate my self-signed keys/certs.

> The features available for gnutls 1.0, are features that
> are needed in TLS servers, and TLS-enabled web browsers. That is
> certificate request generation/parsing, private key generation/parsing,
> pkcs #12 packet parsing and generation, certificate parsing etc.

That doesn't seem to be the case, since I wanted to run a TLS server, but
the tools required to generate a self-signed key/cert are not included.
IMHO, that represents a serious deficiency in the package which will make
it less attractive as a solution for many users.
