Is your private key encrypted? This may be the problem. At any rate, it was a problem I ran into when I was trying to get my server-client pair working. I don't recall all of the details I learned at the time, so I apologize if this suggestion is wrong or of no use.
However, if this is the problem, you'll have to generate an unencrypted key. This is how I generated an unencrypted key from a p12 file using openssl. I'd have to look up whether it's possible to do it with a command from the GNUTLS package and if so, how: openssl pkcs12 -nodes -nocerts -in usercred.p12 -out userkey.pem I would expect that it would be possible to generate an unencrypted key from an encrypted one. Laurence Finston On Wed, April 14, 2010 11:51 am, gonzagueddr wrote: > I've tried "gnutls-cli -d 1 -p 22222 --x509certfile /path/servercert.pem --x509cafile /path/cacert.pem --x509keyfile /path/serverkey.pem domain.org > " > > and the client returns : > > *** Fatal error: Key usage violation in certificate has been detected. *** Handshake has failed > GNUTLS ERROR: Key usage violation in certificate has been detected. > > I've also tried with clientcert.pem and clientkey.pem, acording to an example i found on the web ( http://libvirt.org/remote.html ), because i understood that the cert and key can/must be different on the server and client, but i get the same error. > > > Regards > Gonzague > > > > > Nikos Mavrogiannopoulos a écrit : >> On Tue, Apr 13, 2010 at 7:18 PM, gonzagueddr <[email protected]> wrote: >>> "gnutls-cli -d 1 -p >>> 22222 --x509certfile /path/servercert.pem --x509cafile /path/cacert.pem >> The issue is here. You must also specify the --x509keyfile parameter. Otherwise the >> x509certfile parameter is being ignored. >> regards, >> Nikos > > > > > > _______________________________________________ > Help-gnutls mailing list > [email protected] > http://lists.gnu.org/mailman/listinfo/help-gnutls > ------------------------------------------------------------- Laurence Finston Gesellschaft fuer wissenschaftliche Datenverarbeitung mbH Am Fassberg 11 37077 Goettingen Telefon: +49 551 201-1882 E-Mail: [email protected] _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
