[gnutls-help] Generating multi-layer certificates
Juan Miscaro
jmiscaro at gmail.com
Sat Oct 19 16:55:33 CEST 2013
On 17 October 2013 19:30, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On 10/16/2013 05:49 PM, Juan Miscaro wrote:
> > On 16 October 2013 16:25, Daniel Kahn Gillmor <dkg at fifthhorseman.net>
> wrote:
> >
> >> On 10/16/2013 03:05 PM, Juan Miscaro wrote:
> >>
> >>
> >>> Thank you sir but I don't see the --pubkey-info option in the certtool
> >> man
> >>> page.
> >>
> >> what version of gnutls are you using? you can find the answer with
> >> "certtool --version"
> >>
> >> the above examples were tested with 3.2.4.
> >>
> >>
> > My Debian research system has but only 2.12.14. I have access to a more
> > modern chassis but it still has only 2.12.23 .
>
> if you're using a version from the 2.12 branch, then you'll want to
> create certificate requests for the intermediate ca and the end entity
> instead of explicitly extracting their public keys. you can do this
> with (for example, you can sort out the other options:
>
> certtool --load-privkey intermediate-ca.key \
> --generate-request > intermediate-ca.crq
>
> and answer the various questions.
>
> then, when doing the --generate-certificate command to make the
> intermediate CA's cert, instead of:
>
> --load-pubkey intermediate-ca.pubkey
>
> you should use:
>
> --load-request intermediate-ca.crq
>
> follow the same pattern for the end entity.
>
> make sense?
>
Indeed it does! Thank you for your time.
God bless,
--
/jm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20131019/c73ed866/attachment-0001.html>
More information about the Gnutls-help
mailing list