[Help-gnutls] certtool and win2k

Andrew Suffield asuffield at suffields.me.uk
Mon Apr 25 20:24:49 CEST 2005

Has anybody managed to get certtool/gnutls-generated keys to work with
win2k? I started out with a weird problem, and eventually tracked it
down to something that makes no sense to me at all:

An RSA private key generated with certtool cannot be handled by win2k.

And yes, I do mean *private key*, not certificate. This doesn't work:

certtool -p --outfile key.pem
certtool -s --load-privkey key.pem --outfile cert.pem
certtool --load-privkey key.pem --load-certificate cert.pem --to-p12 --outder --outfile cert.p12

This does:

openssl genrsa -out key.pem 1024
certtool -s --load-privkey key.pem --outfile cert.pem
certtool --load-privkey key.pem --load-certificate cert.pem --to-p12 --outder --outfile cert.p12

Trying to import a key generated with certtool gives an error about
the algorithm not being supported; if the key is generated by openssl,
it works just fine. I can't see any appreciable difference in the keys
generated, and they all work fine with both openssl and gnutls. I
haven't tried it with winxp; it behaves the same way on several win2k
boxes, so if the problem is on that end, there's a need for a
compatibility feature.

So, um, WTF?

[Note that win2k does not handle RSA keys at all until the high
encryption pack is installed]

  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: </pipermail/attachments/20050425/af05f888/attachment.pgp>

More information about the Gnutls-help mailing list