Hi!
I've been using certtool intermittently for years and I don't recall ever
having this problem trying to generate a self-signed signing (CA) cert. First
the private key (there are many examples like this in the docs, online, etc
including, pretty much verbatim, the man page):
certtool --generate-privkey --password $pword --outfile CAkey.pem
Then for the cert:
certtool -s --template ca.conf --outfile CAcert.pem --load-privkey
CAkey.pem --password $pword
The template is just:
country=CA
cn=myAuthority
ca
cert_signing_key
And what happens:
Generating a self signed certificate...
No PIN given.
The cert is never produced. There's also a note about using "the GNUTLS_PIN or
GNUTLS_SO_PIN environment variables".
I have no idea what this PIN is for, but searching online a bit implies it has
to do with PKCS11 hardware, which has nothing to do with what I am doing. I
tried this:
export GNUTLS_PIN=1234
And presto, no more issue. However, this worries me a bit. Will I really have
to keep using this PIN with that key/cert? Or it is totally spurious?
Sincerely,
Mark Eriksen
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
