[Help-gnutls] Thinking in public

Fco .J. Arias javi at productshome.com
Tue Jul 19 15:23:51 CEST 2005

I'm testing gnutls some time, and only see this problems (no bugs).
-With option --template <> in certtool, fields without value are
generated in blank.
-Certtool do not accept all fields needed to generate a certificate in
command line.
- strange Syntax of certtool, --load-request --infile
- information printed by program to user is little, and while user is
learning gnutls syntax can be generated incorrect certificates.

For this reasons, make a CA is difficult for normal user.
Scripts like this can't solve this problem:
> #generate a user CA signed certificate.
> PASS="lula"
> certtool -p > new-user.key
> # Use --load-request or --infile ? 
> certtool -q --outfile new-user.csr --load-privkey new-user.key --password $PASS --template certtool.cfg
> #certtool -q --outfile new-user.csr --to-p12 --load-privkey new-user.key --password $PASS 
> certtool -c --load-request new-user.csr --outfile new-user.crt --load-ca-certificate ca.crt --load-ca-privkey ca.key --load-privkey new-user.key --password $PASS
> certtool --load-certificate new-user.crt --load-privkey new-user.key --to-p12 --outder --outfile new-user.p12
> certtool --p12-info --infile new-user.p12 --inder --password $PASS

Is a good idea modify certtool?
Can be a good idea make an executable to manage a non professional
simple Certificate Authority? 

Should I modify certtool?

Thanks for your time...
Fco .J. Arias <javi at productshome.com>

More information about the Gnutls-help mailing list