[Help-gnutls] Re: unable to get gnutls-serv and -cli to communicate

Evan Martin martine at danga.com
Sat Nov 10 19:08:31 CET 2007

On Nov 4, 2007 1:29 PM, Evan Martin <martine at danga.com> wrote:
> I'm trying to get a simple case of gnutls-serv and -cli communicating
> with an x509 cert, but it's failing.

For future readers of the list: I figured this out.  I think my
problem was a combination of the wrong cert settings and not using DH
params.  I've amended my notes below.

> Following the examples in the "invoking certtool" section of the
> manual, I created a private key and cert:
>   $ certtool --generate-privkey --outfile priv
>   $ head -1 priv
>   $ certtool --generate-self-signed --load-privkey priv --outfile cert

You can just hit enter (answering "no") to every question except the
cert lifetime (how many days) as well as "Will the certificate be used
for signing (required for TLS)? (Y/N)", to which you obviously answer

>   $ head -1 cert

This is now enough to make communcation work if you use those files
with "openssl s_server".

However, for gnutls-serv, you also need Diffie-Hellman params.  You
can either generate those with "certtool --generate-dh-params" and
load them with "gnutls-serv --dhparams", or just run gnutls-serv with
"--generate" to generate them.

> In case it matters:
> $ dpkg -s gnutls-bin | grep Version
> Version: 1.6.3-1build1

More information about the Gnutls-help mailing list