[Help-gnutls] Re: Creating self-signed certificates using the GnuTLS API
simon at josefsson.org
Wed Jun 20 14:09:03 CEST 2007
Alex Hudson <home at alexhudson.com> writes:
> I'm having trouble creating a self-signed certificate.
> I've created the private key fine, and then attempt to do something
> gnutls_x509_crt_set_activation_time(certificate, time(NULL));
> gnutls_x509_crt_set_expiration_time(certificate, time(NULL) + (700 * 24 * 60 * 60));
> gnutls_x509_crt_set_key(certificate, key);
> gnutls_x509_crt_set_version(certificate, 1);
> gnutls_x509_crt_set_serial(certificate, &cert_version, sizeof(int));
> ... but with more error-checking. I then use
> gnutls_x509_crt_set_dn_by_oid() to set some more data on the
> certificate, and gnutls_x509_crt_set_key_usage(), but when I come to use
> gnutls_x509_crt_export() I get:
> ASN1 parser: Value was not found.
That error is typically returned when some non-optional fields in the
certificate have not yet been set.
> It seems I'm doing something pretty basically wrong. I've tried
> following what certtool does, but to be honest I got lost :D
> Am I doing something clearly wrong? Are there any plain examples I could
> look at?
Did you sign the certificate using gnutls_x509_crt_sign2 or similar?
The signature field is not optional in a certificate.
Generally, I think certtool.c is the best example available, even though
it is a rather large program. But, if my hint helps, please consider
submitting a stripped-down example program to create a self-signed
certificate so that others may learn from it.