Problems handling X.509 certificates

lfinsto at lfinsto at
Mon Nov 30 11:11:49 CET 2009

Laurence Finston wrote:

> One reason I wanted to try verifying a certificate chain using the library
> functions was because of a problem I'm having with the actual certificates
> I need to use.  Verification works in the client and server programs when
> I use certificates generated by `certtool', but it fails when I use my
> certificate from the DFN (Deutsches Forschungsnetz
> ( and its root certificate.
> However, it does work to verify them using `certtool -e'.  Does anyone
> have an idea what the reason for this could be?

Never mind, I found the problem:  I had extracted the private key using
`openssl pkcs12 -nocerts -in usercred.p12 -out userkey.pem' so that key
was encrypted.  It worked after I extracted an unencrypted key using the
`-nodes' option.



Laurence Finston
Gesellschaft fuer wissenschaftliche Datenverarbeitung mbH
Am Fassberg 11
37077 Goettingen

Telefon: 	+49 551 201-1882
E-Mail: 	lfinsto at

More information about the Gnutls-help mailing list