Well, now seems to work. -> Key, csr, crt, .p12 But I can not import client certificates in any mail client. Import .p12 without any problem, and CA certificate, but I can not see the client certificate to sign mail, client certificate, and encryption certificate to select it. The test scripts: To make CA > certtool -p --bits 2048 > ca.key > echo "Key ready / Llave generada" > > # Use --load-request or --infile ? > certtool -s --outfile ca.crt --load-privkey ca.key > echo "CA Generated / Peticion de certificado generada" > certtool -i --infile ca.crt > > To make client: > PASS="gnutls" > certtool -p > new-user.key > #echo "Client Key Ready" > > # Use --load-request or --infile ? > > certtool -q --outfile new-user.csr --load-privkey new-user.key --password > $PASS > echo "CSR Ready" > > certtool -q --outfile new-user.csr --to-p12 --load-privkey new-user.key > --password $PASS > > certtool -c --load-request new-user.csr --outfile new-user.crt > --load-ca-certificate ca.crt --load-ca-privkey ca.key --load-privkey > new-user.key --password $PASS > echo "CRT Ready" > > certtool --load-certificate new-user.crt --load-privkey new-user.key --to-p12 > --outder --outfile new-user2.p12 > echo "P12 Ready" > > certtool --p12-info --infile new-user.p12 --inder --password $PASS
Anyone works with mail sign certificate in any mail client? El jue, 15-03-2007 a las 12:18 +0100, Simon Josefsson escribió: > devel <[EMAIL PROTECTED]> writes: > > > Where I can find 1.6.2 ? > > Try the daily build first: > > http://josefsson.org/daily/gnutls-1.6/gnutls-1.6-20070315.tar.gz > > If it works for you, I'll release it as 1.6.2. > > Thanks, > Simon > > > > > El lun, 12-03-2007 a las 16:52 +0100, Simon Josefsson escribió: > >> devel <[EMAIL PROTECTED]> writes: > >> > >> > certtool (GnuTLS) 1.6.1 > >> > linux x64 > >> > > >> > > >> >> certtool -q --outfile new-user.csr > >> > Certificate request data input in a shell, certtool ask for it. > >> > >> Thanks! I can reproduce it. It seems pkix_asn1_tab.c wasn't > >> re-generated after fixing the following problem in 1.6.1: > >> > >> ** Encode UID fields in DN's as DirectoryString. Before GnuTLS > >> encoded and parsed UID fields as IA5String. This was incorrect, it > >> should have used DirectoryString. Now it will use DirectoryString > >> for the UID field, but for backwards compatibility it will also > >> accept IA5String UID's. Reported by Max Kellermann > >> <[EMAIL PROTECTED]>. > >> > >> I have fixed this in CVS for the 1.6.x branch: > >> > >> ** Regenerate the PKIX ASN.1 syntax tree. For some reason, after > >> changing the ASN.1 type of ldap-UID in the last release, the > >> generated C file built from the ASN.1 schema was not refreshed. This > >> can cause problems when reading/writing UID components inside X.500 > >> Distinguished Names. Reported by devel <[EMAIL PROTECTED]>. > >> > >> Please test tomorrow's daily build and tell me if it solves the > >> problem for you, and I can release 1.6.2. > >> > >> Btw, if anyone wants something in 1.6.2, now would be the time to ask > >> for it. > >> > >> /Simon > >> > >> > > >> > > >> > > >> > > >> > El lun, 12-03-2007 a las 13:40 +0100, Simon Josefsson escribió: > >> >> devel <[EMAIL PROTECTED]> writes: > >> >> > >> >> > Hello, I am trying to use certtool to make certificate, like another > >> >> > times. > >> >> > But this time, with another version of gnutls and other arch, my > >> >> > script > >> >> > do not work. Here is de problem: > >> >> > > >> >> > > >> >> >> certtool -p > new-user.key > >> >> > > >> >> > Work > >> >> >> certtool -q --outfile new-user.csr --load-privkey new-user.key > >> >> >> --password $PASS > >> >> > > >> >> > fail, response of system after input parameters: > >> >> > > >> >> >> set_dn: ASN1 parser: Element was not found. > >> >> > > >> >> > Any suggestion? > >> >> > >> >> Can you send me the CSR that trigger the problem? Which version of > >> >> GnuTLS are you using, and which version of GnuTLS worked before for > >> >> you? > >> >> > >> >> It sounds as if the CSR doesn't contain some field which certtool need > >> >> to have. > >> >> > >> >> /Simon > >> > -- > >> > -- > >> > Devel in Precio http://www.pas-world.com > > -- > > -- > > Devel in Precio http://www.pas-world.com -- -- Devel in Precio http://www.pas-world.com _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
