dametool cert file format
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Oct 13 22:33:07 CEST 2012
On 10/13/2012 10:10 PM, James Cloos wrote:
> Using base64 encoded cert and key files I get ASN1 parser: Error in TAG
> errors when I try to use danetool to generate TLSA RRs.
>
> I've tried a number of invocations (host names changed):
>
> :; danetool --tlsa-rr --host foo.example.net --load-certificate=foo_example_net_cert.pem
> danetool: crt_import: ASN1 parser: Error in TAG.
>
> :; danetool --tlsa-rr --host foo.example.net --load-pubkey=foo_example_net_key.pem
> danetool: importing --load-pubkey: foo_example_net_key.pem: ASN1 parser: Error in TAG.
>
> What kind of file does danetool expect? I have RSA PRIVATE KEY,
> CERTIFICATE REQUEST and CERTIFICATE files in pem format.
Hello,
Thanks for the report. It seems that I introduced a last minute bug and
the accepted format is DER only. You may use the tool with DER encoded
certificates (convert yours using certtool -i --infile xxx.pem --outder
--outfile xxx.der) or apply the following patch.
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=21dce46c4c33fb29dd5784044187d180e448151d
regards,
Nikos
More information about the Gnutls-help
mailing list