nOOb Error : No certificates found!

lfinsto at gwdg.de lfinsto at gwdg.de
Wed Apr 14 12:17:26 CEST 2010 

Is your private key encrypted?  This may be the problem.  At any rate, it
was a problem I ran into when I was trying to get my server-client pair
working.  I don't recall all of the details I learned at the time, so I
apologize if this suggestion is wrong or of no use.

However, if this is the problem, you'll have to generate an unencrypted
key. This is how I generated an unencrypted key from a p12 file using
openssl.  I'd have to look up whether it's possible to do it with a
command from the GNUTLS package and if so, how:

openssl pkcs12 -nodes -nocerts -in usercred.p12 -out userkey.pem

I would expect that it would be possible to generate an unencrypted key
from an encrypted one.

Laurence Finston

On Wed, April 14, 2010 11:51 am, gonzagueddr wrote:
> I've tried "gnutls-cli -d 1 -p 22222 --x509certfile /path/servercert.pem
--x509cafile /path/cacert.pem --x509keyfile /path/serverkey.pem
domain.org
> "
>
> and the client returns :
>
> *** Fatal error: Key usage violation in certificate has been detected.
*** Handshake has failed
> GNUTLS ERROR: Key usage violation in certificate has been detected.
>
> I've also tried with clientcert.pem and clientkey.pem, acording to an
example i found on the web ( http://libvirt.org/remote.html ), because i
understood that the cert and key can/must be different on the server and
client, but i get the same error.
>
>
> Regards
> Gonzague
>
>
>
>
> Nikos Mavrogiannopoulos a écrit :
>> On Tue, Apr 13, 2010 at 7:18 PM, gonzagueddr <gonzagueddr at yahoo.fr> wrote:
>>> "gnutls-cli -d 1 -p
>>> 22222 --x509certfile /path/servercert.pem --x509cafile
/path/cacert.pem
>> The issue is here. You must also specify the --x509keyfile parameter.
Otherwise the
>> x509certfile parameter is being ignored.
>> regards,
>> Nikos
>
>
>
>
>
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> http://lists.gnu.org/mailman/listinfo/help-gnutls
>


-------------------------------------------------------------
Laurence Finston
Gesellschaft fuer wissenschaftliche Datenverarbeitung mbH
Am Fassberg 11
37077 Goettingen

Telefon: 	+49 551 201-1882
E-Mail: 	lfinsto at gwdg.de

More information about the Gnutls-help mailing list