Search Results for gnutls certtool generate certificate signing request

GnuTLS Certificate Authority Commands

Apple has its own certtool, GnuTLS’ certtool is renamed as gnutls-certtool in MacPorts. Create Private Key GnuTLS

gnutls-certtool --generate-privkey --bits 2048 --outfile text.key

1	gnutls-certtool --generate-privkey --bits 2048 --outfile text.key

OpenSSL

openssl genrsa -out test.key 2048

1	openssl genrsa -out test.key 2048

Create Certificate Request GnuTLS You can also create your own template file rather than filling interactively.

gnutls-certtool --generate-request --load-privkey test.key --outfile test.csr
Generating a PKCS #10 certificate request...
Common name: 
Organizational unit name: 
Organization name: 
Locality name: 
State or province name: 
Country name (2 chars): 
Enter the subject's domain component (DC): 
UID: 
Enter a dnsName of the subject of the certificate: 
Enter a URI of the subject of the certificate: 
Enter the IP address of the subject of the certificate: 
Enter the e-mail of the subject of the certificate: 
Enter a challenge password: 
Does the certificate belong to an authority? (y/N): 
Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n): 
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): 
Is this a TLS web client certificate? (y/N): 
Is this a TLS web server certificate? (y/N): 
Self signature: verified

gnutls-certtool --generate-request --load-privkey test.key --outfile test.csr

Generating a PKCS #10 certificate request...

Common name:

Organizational unit name:

Organization name:

Locality name:

State or province name:

Country name (2 chars):

Enter the subject's domain component (DC):

UID:

Enter a dnsName of the subject of the certificate:

Enter a URI of the subject of the certificate:

Enter the IP address of the subject of the certificate:

Enter the e-mail of the subject of the certificate:

Enter a challenge password:

Does the certificate belong to an authority? (y/N):

Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n):

Will the certificate be used for encryption (RSA ciphersuites)? (Y/n):

Is this a TLS web client certificate? (y/N):

Is this a TLS web server certificate? (y/N):

Self signature: verified

OpenSSL

openssl req -new  -key test.key -out test.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

openssl req -new -key test.key -out test.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (e.g. server FQDN or YOUR name) []:

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

Sign request GnuTLS

 gnutls-certtool --generate-certificate --load-request sskaje.csr --load-ca-certificate ~/Documents/CA/USER\ CA/user_ca.pem  --load-ca-privkey  ~/Documents/CA/USER\ CA/user_ca.key --template sskaje.tmpl --outfile tmp.pem

1	gnutls-certtool --generate-certificate --load-request sskaje.csr --load-ca-certificate ~/Documents/CA/USER\ CA/user_ca.pem --load-ca-privkey ~/Documents/CA/USER\ CA/user_ca.key --template sskaje.tmpl --outfile tmp.pem

OpenSSL I don’t like openssl.cnf! Show certificate information GnuTLS

gnutls-certtool --certificate-info --infile sskaje-cert.pem

1	gnutls-certtool --certificate-info --infile sskaje-cert.pem

OpenSSL

openssl x509 -in sskaje-cert.pem -text

1	openssl x509 -in sskaje-cert.pem -text

… Continue reading “GnuTLS Certificate Authority Commands”

Generate Certificate with GnuTLS and Sign with OpenSSL

In iOS IPSec VPN Server on Ubuntu, I create a local CA with openssl. I’m setting up an OpenConnect VPN, which uses GnuTLS’s certtool generating ca and sign certificates. I want to use share the same Root CA for both OpenSSL and GnuTLS, so I’m generating request from GnuTLS and signing with OpenSSL. Apple has … Continue reading “Generate Certificate with GnuTLS and Sign with OpenSSL”