[Help-gnutls] Re: GNU TLS windows problem.

Simon Josefsson simon at josefsson.org
Thu Sep 27 16:00:58 CEST 2007

Rajeev Saini <rajeev.saini at tcs.com> writes:

> Hi, 
> We are trying to integrate GNU TLS windows library with our application 
> which requires mobile to authenticate a X509 certificate with a TCP Server 
> and then the communication packets between the two can start. 
> My problem is that my test mobile only supports certificate in ..der 
> format. 
> The certtool utility in GNU TLS makes certificates in .pem format and if i 
> rename this .pem format certificate to .der format then the handshaking 
> between the mobile and server fails. 

Yes, the PEM format is a text representation of the DER format.

> My server can use the certificate in ..PEM format but my mobile can only 
> use .der format certificate. 
> How can i make .der format certificates using certtool (or otherwise) such 
> that i can use it on my test mobile and it performs successful hanshaking 
> with the TCP server(which uses .pem or .der certificate from the same 
> corresponding CA). 

You can use the --outder flag to certtool when generating the

If you already have a client certificate for the mobile and want to
convert it to DER, use:

$ certtool -i --infile IN.pem  --outder --outfile OUT.der

However, this doesn't seem to work!  Mea culpa.  The output is garbled
for some reason.  Possibly the --outder flag doesn't work when
generating certificates either.  I'll see if I can debug this.


More information about the Gnutls-help mailing list