[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: dametool cert file format
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: dametool cert file format |
Date: |
Sat, 13 Oct 2012 22:33:07 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.6esrpre) Gecko/20120805 Icedove/10.0.6 |
On 10/13/2012 10:10 PM, James Cloos wrote:
> Using base64 encoded cert and key files I get ASN1 parser: Error in TAG
> errors when I try to use danetool to generate TLSA RRs.
>
> I've tried a number of invocations (host names changed):
>
> :; danetool --tlsa-rr --host foo.example.net
> --load-certificate=foo_example_net_cert.pem
> danetool: crt_import: ASN1 parser: Error in TAG.
>
> :; danetool --tlsa-rr --host foo.example.net
> --load-pubkey=foo_example_net_key.pem
> danetool: importing --load-pubkey: foo_example_net_key.pem: ASN1 parser:
> Error in TAG.
>
> What kind of file does danetool expect? I have RSA PRIVATE KEY,
> CERTIFICATE REQUEST and CERTIFICATE files in pem format.
Hello,
Thanks for the report. It seems that I introduced a last minute bug and
the accepted format is DER only. You may use the tool with DER encoded
certificates (convert yours using certtool -i --infile xxx.pem --outder
--outfile xxx.der) or apply the following patch.
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=21dce46c4c33fb29dd5784044187d180e448151d
regards,
Nikos