Alex Hudson <[EMAIL PROTECTED]> writes: > Hey. > > I'm having trouble creating a self-signed certificate. > > I've created the private key fine, and then attempt to do something > like: > > gnutls_x509_crt_init(&certificate); > gnutls_x509_crt_set_activation_time(certificate, time(NULL)); > gnutls_x509_crt_set_expiration_time(certificate, time(NULL) + (700 * 24 > * 60 * 60)); > gnutls_x509_crt_set_key(certificate, key); > gnutls_x509_crt_set_version(certificate, 1); > gnutls_x509_crt_set_serial(certificate, &cert_version, sizeof(int)); > > ... but with more error-checking. I then use > gnutls_x509_crt_set_dn_by_oid() to set some more data on the > certificate, and gnutls_x509_crt_set_key_usage(), but when I come to use > gnutls_x509_crt_export() I get: > > ASN1 parser: Value was not found.
That error is typically returned when some non-optional fields in the certificate have not yet been set. > It seems I'm doing something pretty basically wrong. I've tried > following what certtool does, but to be honest I got lost :D > > Am I doing something clearly wrong? Are there any plain examples I could > look at? Did you sign the certificate using gnutls_x509_crt_sign2 or similar? The signature field is not optional in a certificate. Generally, I think certtool.c is the best example available, even though it is a rather large program. But, if my hint helps, please consider to submit a stripped-down example program to create a self-signed certificate so that others may learn from it. /Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
