dametool cert file format

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Oct 13 22:33:07 CEST 2012

On 10/13/2012 10:10 PM, James Cloos wrote:

> Using base64 encoded cert and key files I get ASN1 parser: Error in TAG
> errors when I try to use danetool to generate TLSA RRs.
> I've tried a number of invocations (host names changed):
> :; danetool --tlsa-rr --host foo.example.net --load-certificate=foo_example_net_cert.pem 
> danetool: crt_import: ASN1 parser: Error in TAG.
> :; danetool --tlsa-rr --host foo.example.net --load-pubkey=foo_example_net_key.pem 
> danetool: importing --load-pubkey: foo_example_net_key.pem: ASN1 parser: Error in TAG.
> What kind of file does danetool expect?  I have RSA PRIVATE KEY,
> CERTIFICATE REQUEST and CERTIFICATE files in pem format.

 Thanks for the report. It seems that I introduced a last minute bug and
the accepted format is DER only. You may use the tool with DER encoded
certificates (convert yours using certtool -i --infile xxx.pem --outder
--outfile xxx.der) or apply the following patch.



More information about the Gnutls-help mailing list