Hi, Which version of gnutls is that? If you think it is a bug would you like to report it at gitlab.com/gnutls/gnutls/issues ?
regards, Nikos On Tue, Feb 4, 2020 at 11:32 PM MK <[email protected]> wrote: > > Hi! > > I've been using certtool intermittently for years and I don't recall ever > having this problem trying to generate a self-signed signing (CA) cert. > First the private key (there are many examples like this in the docs, online, > etc including, pretty much verbatim, the man page): > > certtool --generate-privkey --password $pword --outfile CAkey.pem > > Then for the cert: > > certtool -s --template ca.conf --outfile CAcert.pem --load-privkey > CAkey.pem --password $pword > > The template is just: > > country=CA > cn=myAuthority > ca > cert_signing_key > > And what happens: > > Generating a self signed certificate... > No PIN given. > > The cert is never produced. There's also a note about using "the GNUTLS_PIN > or GNUTLS_SO_PIN environment variables". > > I have no idea what this PIN is for, but searching online a bit implies it > has to do with PKCS11 hardware, which has nothing to do with what I am doing. > I tried this: > > export GNUTLS_PIN=1234 > > And presto, no more issue. However, this worries me a bit. Will I really > have to keep using this PIN with that key/cert? Or it is totally spurious? > > Sincerely, > Mark Eriksen > > > _______________________________________________ > Gnutls-help mailing list > [email protected] > http://lists.gnupg.org/mailman/listinfo/gnutls-help _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
