[gnutls-help] Generating self-signed cert requires PIN??
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Feb 6 16:42:18 CET 2020
Hi,
Which version of gnutls is that? If you think it is a bug would you
like to report it at gitlab.com/gnutls/gnutls/issues ?
regards,
Nikos
On Tue, Feb 4, 2020 at 11:32 PM MK <mk at cognitivedissonance.ca> wrote:
>
> Hi!
>
> I've been using certtool intermittently for years and I don't recall ever having this problem trying to generate a self-signed signing (CA) cert. First the private key (there are many examples like this in the docs, online, etc including, pretty much verbatim, the man page):
>
> certtool --generate-privkey --password $pword --outfile CAkey.pem
>
> Then for the cert:
>
> certtool -s --template ca.conf --outfile CAcert.pem --load-privkey CAkey.pem --password $pword
>
> The template is just:
>
> country=CA
> cn=myAuthority
> ca
> cert_signing_key
>
> And what happens:
>
> Generating a self signed certificate...
> No PIN given.
>
> The cert is never produced. There's also a note about using "the GNUTLS_PIN or GNUTLS_SO_PIN environment variables".
>
> I have no idea what this PIN is for, but searching online a bit implies it has to do with PKCS11 hardware, which has nothing to do with what I am doing. I tried this:
>
> export GNUTLS_PIN=1234
>
> And presto, no more issue. However, this worries me a bit. Will I really have to keep using this PIN with that key/cert? Or it is totally spurious?
>
> Sincerely,
> Mark Eriksen
>
>
> _______________________________________________
> Gnutls-help mailing list
> Gnutls-help at lists.gnutls.org
> http://lists.gnupg.org/mailman/listinfo/gnutls-help
More information about the Gnutls-help
mailing list