[Help-gnutls] certtool and win2k

Andrew Suffield asuffield at suffields.me.uk
Mon Apr 25 20:24:49 CEST 2005


Has anybody managed to get certtool/gnutls-generated keys to work with
win2k? I started out with a weird problem, and eventually tracked it
down to something that makes no sense to me at all:

An RSA private key generated with certtool cannot be handled by win2k.

And yes, I do mean *private key*, not certificate. This doesn't work:

certtool -p --outfile key.pem
certtool -s --load-privkey key.pem --outfile cert.pem
certtool --load-privkey key.pem --load-certificate cert.pem --to-p12 --outder --outfile cert.p12

This does:

openssl genrsa -out key.pem 1024
certtool -s --load-privkey key.pem --outfile cert.pem
certtool --load-privkey key.pem --load-certificate cert.pem --to-p12 --outder --outfile cert.p12

Trying to import a key generated with certtool gives an error about
the algorithm not being supported; if the key is generated by openssl,
it works just fine. I can't see any appreciable difference in the keys
generated, and they all work fine with both openssl and gnutls. I
haven't tried it with winxp; it behaves the same way on several win2k
boxes, so if the problem is on that end, there's a need for a
compatibility feature.

So, um, WTF?

[Note that win2k does not handle RSA keys at all until the high
encryption pack is installed]

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |
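
The post reports no visible difference between the two key.pem files. As an added example (not part of the original post or of GnuTLS), the script below parses two RSA private keys and lists the structural properties in which they differ. It assumes unencrypted PKCS#1 "RSA PRIVATE KEY" PEM input; the function names and the tiny keys built by toy_pem are constructed for illustration.

```python
import base64
FIELDS = ("version", "n", "e", "d", "p", "q", "dp", "dq", "qinv")

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_pkcs1(pem):
    """Decode an unencrypted PEM 'RSA PRIVATE KEY' into a dict of integers."""
    b64 = "".join(ln for ln in pem.strip().splitlines() if not ln.startswith("-----"))
    tag, seq, _ = read_tlv(base64.b64decode(b64), 0)
    vals, pos = [], 0
    while pos < len(seq) and len(vals) < len(FIELDS):
        t, val, pos = read_tlv(seq, pos)
        vals.append(int.from_bytes(val, "big") if t == 0x02 else None)
    if tag != 0x30 or len(vals) != len(FIELDS) or None in vals:
        raise ValueError("not a PKCS#1 RSAPrivateKey")
    return dict(zip(FIELDS, vals))

def profile(k):
    """Properties in which two valid RSA private keys can still differ."""
    return {
        "modulus_bits": k["n"].bit_length(),
        "public_exponent": k["e"],
        "p_greater_than_q": k["p"] > k["q"],
        "n_equals_pq": k["n"] == k["p"] * k["q"],
        "crt_consistent": k["dp"] == k["d"] % (k["p"] - 1)
        and k["dq"] == k["d"] % (k["q"] - 1)
        and k["qinv"] * k["q"] % k["p"] == 1,
    }

def diff_profiles(a, b):
    """Return {property: (value in a, value in b)} for properties that differ."""
    pa, pb = profile(a), profile(b)
    return {name: (pa[name], pb[name]) for name in pa if pa[name] != pb[name]}

def toy_pem(p, q, e):
    """Constructed sample input: a tiny (insecure) key in the same PEM layout."""
    d = pow(e, -1, (p - 1) * (q - 1))
    ints = [0, p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    der = b"".join(bytes([2, v.bit_length() // 8 + 1])
                   + v.to_bytes(v.bit_length() // 8 + 1, "big") for v in ints)
    b64 = base64.b64encode(bytes([0x30, len(der)]) + der).decode()
    return f"-----BEGIN RSA PRIVATE KEY-----\n{b64}\n-----END RSA PRIVATE KEY-----\n"
```

To compare the real files, pass the text of each key.pem to parse_pkcs1 and the two results to diff_profiles.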