How do I create a PKCS#12 file in certtool 2.8.[34]?

Michael Welsh Duggan mwd at
Mon Oct 12 20:32:20 CEST 2009

After an update of GnuTLS, we are no longer able to use certtool to
create PKCS#12 files.  In both 2.8.3 on a Mac, and 2.8.4 under Linux, I
get the following error:

md5i at maru:~/projects/git/netsa/silk/src/sendrcv/tests$ certtool --load-certificate /tmp/cert.pem --load-privkey key1.pem  --to-p12 --outder --outfile /tmp/foo.p12
Generating a PKCS #12 structure...
Loading certificate list...
Loaded 1 certificates.
Enter a name for the key: Foo
Enter password: 
|<1>| Cannot find OID: 1.2.840.113549.1.9.21
certtool: bag_encrypt: The OID is not supported.

Any ideas how we can work around this problem?

Michael Welsh Duggan
(mwd at

More information about the Gnutls-help mailing list