[Help-gnutls] Re: GNU TLS windows problem.

Fri Sep 28 09:47:17 CEST 2007

Hi Simon,
Thanks for the reply.
It is very important for us to convert our certificate from PEM to DER 
format such that the mobile can use it.
certtool -i --infile IN.pem  --outder --outfile OUT.der

If possible kindly provide a patch of gnutls such that the above command 
correctly generates the DER format certificate.

Regards,
Rajeev Saini

____________________________________________
Experience certainty.   IT Services
                        Business Solutions
                        Outsourcing
____________________________________________

Simon Josefsson <simon at josefsson.org> 
09/27/2007 07:30 PM

To
Rajeev Saini <rajeev.saini at tcs.com>
cc
help-gnutls at gnu.org
Subject
Re: GNU TLS windows problem.

Rajeev Saini <rajeev.saini at tcs.com> writes:

> Hi, 
> We are trying to integrate GNU TLS windows library with our application 
> which requires mobile to authenticate a X509 certificate with a TCP 
Server 
> and then the communication packets between the two can start. 
>
> My problem is that my test mobile only supports certificate in ..der 
> format. 
> The certtool utility in GNU TLS makes certificates in .pem format and if 
i 
> rename this .pem format certificate to .der format then the handshaking 
> between the mobile and server fails. 

Yes, the PEM format is a text representation of the DER format.

> My server can use the certificate in ..PEM format but my mobile can only 

> use .der format certificate. 
> How can i make .der format certificates using certtool (or otherwise) 
such 
> that i can use it on my test mobile and it performs successful 
hanshaking 
> with the TCP server(which uses .pem or .der certificate from the same 
> corresponding CA). 

You can use the --outder flag to certtool when generating the
certificate.

If you already have a client certificate for the mobile and want to
convert it to DER, use:

$ certtool -i --infile IN.pem  --outder --outfile OUT.der

However, this doesn't seem to work!  Mea culpa.  The output is garbled
for some reason.  Possibly the --outder flag doesn't work when
generating certificates either.  I'll see if I can debug this.

/Simon

ForwardSourceID:NT00006216 
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20070928/b87ffd3b/attachment.htm>