[Help-gnutls] Re: GNU TLS windows problem.
simon at josefsson.org
Thu Sep 27 16:00:58 CEST 2007
Rajeev Saini <rajeev.saini at tcs.com> writes:
> We are trying to integrate GNU TLS windows library with our application
> which requires mobile to authenticate a X509 certificate with a TCP Server
> and then the communication packets between the two can start.
> My problem is that my test mobile only supports certificate in ..der
> The certtool utility in GNU TLS makes certificates in .pem format and if i
> rename this .pem format certificate to .der format then the handshaking
> between the mobile and server fails.
Yes, the PEM format is a text representation of the DER format.
> My server can use the certificate in ..PEM format but my mobile can only
> use .der format certificate.
> How can i make .der format certificates using certtool (or otherwise) such
> that i can use it on my test mobile and it performs successful hanshaking
> with the TCP server(which uses .pem or .der certificate from the same
> corresponding CA).
You can use the --outder flag to certtool when generating the
If you already have a client certificate for the mobile and want to
convert it to DER, use:
$ certtool -i --infile IN.pem --outder --outfile OUT.der
However, this doesn't seem to work! Mea culpa. The output is garbled
for some reason. Possibly the --outder flag doesn't work when
generating certificates either. I'll see if I can debug this.
More information about the Gnutls-help