[gnutls-help] Is it possible to invoke certtool to create a self signed certificate using a pkcs #8 key and a template file?

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Jan 11 11:39:26 CET 2014

On 01/05/2014 11:24 AM, Samuel Harmer wrote:
> Dear GnuTLS mailing list,
> I have posted this to ubuntu.stackexchange.com
> <http://ubuntu.stackexchange.com> already but have a feeling this
> mailing list might know a bit more. Alternative solutions welcome
> although I'm deliberately trying to avoid OpenSSL, which I'm pretty sure
> is capable of handling this.
> I'm struggling with certtool from the gnutls package on Ubuntu server
> 12.04.3. I'm trying to follow this guide
> (https://help.ubuntu.com/community/GnuTLS) but with an encrypted key.
> I've created my encrypted private key like so.
> Is there a way to make certtool accept both a template file and an
> encrypted private key? Or do I need to script the decryption of the
> private key to a temporary key file to pass to certtool?

Hello Samuel,
 I'd suggest to try with a more recent certtool from 3.1 or 3.2 branches
of gnutls. There are several changes in the handling of password
protected keys.


More information about the Gnutls-help mailing list