How do I create a PKCS#12 file in certtool 2.8.[34]?

Simon Josefsson simon at
Wed Oct 14 16:19:10 CEST 2009

Michael Welsh Duggan <mwd at> writes:

> After an update of GnuTLS, we are no longer able to use certtool to
> create PKCS#12 files.  In both 2.8.3 on a Mac, and 2.8.4 under Linux, I
> get the following error:
> md5i at maru:~/projects/git/netsa/silk/src/sendrcv/tests$ certtool --load-certificate /tmp/cert.pem --load-privkey key1.pem  --to-p12 --outder --outfile /tmp/foo.p12
> Generating a PKCS #12 structure...
> Loading certificate list...
> Loaded 1 certificates.
> Enter a name for the key: Foo
> Enter password: 
> |<1>| Cannot find OID: 1.2.840.113549.1.9.21
> certtool: bag_encrypt: The OID is not supported.

I can reproduce it.

> Any ideas how we can work around this problem?

This was introduced in

So possibly other similar problems are lurking.


More information about the Gnutls-help mailing list