[gnutls-help] Generating self-signed cert requires PIN??
nmav at gnutls.org
Thu Feb 6 16:42:18 CET 2020
Which version of gnutls is that? If you think it is a bug would you
like to report it at gitlab.com/gnutls/gnutls/issues ?
On Tue, Feb 4, 2020 at 11:32 PM MK <mk at cognitivedissonance.ca> wrote:
> I've been using certtool intermittently for years and I don't recall ever having this problem trying to generate a self-signed signing (CA) cert. First the private key (there are many examples like this in the docs, online, etc including, pretty much verbatim, the man page):
> certtool --generate-privkey --password $pword --outfile CAkey.pem
> Then for the cert:
> certtool -s --template ca.conf --outfile CAcert.pem --load-privkey CAkey.pem --password $pword
> The template is just:
> And what happens:
> Generating a self signed certificate...
> No PIN given.
> The cert is never produced. There's also a note about using "the GNUTLS_PIN or GNUTLS_SO_PIN environment variables".
> I have no idea what this PIN is for, but searching online a bit implies it has to do with PKCS11 hardware, which has nothing to do with what I am doing. I tried this:
> export GNUTLS_PIN=1234
> And presto, no more issue. However, this worries me a bit. Will I really have to keep using this PIN with that key/cert? Or it is totally spurious?
> Mark Eriksen
> Gnutls-help mailing list
> Gnutls-help at lists.gnutls.org
More information about the Gnutls-help