Has anybody managed to get certtool/gnutls-generated keys to work with win2k? I started out with a weird problem, and eventually tracked it down to something that makes no sense to me at all:
An RSA private key generated with certtool cannot be handled by win2k. And yes, I do mean *private key*, not certificate. This doesn't work: certtool -p --outfile key.pem certtool -s --load-privkey key.pem --outfile cert.pem certtool --load-privkey key.pem --load-certificate cert.pem --to-p12 --outder --outfile cert.p12 This does: openssl genrsa -out key.pem 1024 certtool -s --load-privkey key.pem --outfile cert.pem certtool --load-privkey key.pem --load-certificate cert.pem --to-p12 --outder --outfile cert.p12 Trying to import a key generated with certtool gives an error about the algorithm not being supported; if the key is generated by openssl, it works just fine. I can't see any appreciable difference in the keys generated, and they all work fine with both openssl and gnutls. I haven't tried it with winxp; it behaves the same way on several win2k boxes, so if the problem is on that end, there's a need for a compatibility feature. So, um, WTF? [Note that win2k does not handle RSA keys at all until the high encryption pack is installed] -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
signature.asc
Description: Digital signature
_______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
