GnuTLS

From Segfault
Jump to: navigation, search

Installation

sudo apt-get install gnutls-bin                     # For Debian / Ubuntu
...?

Usage

CA

Generate a private key:

certtool --rsa --bits 2048 --generate-privkey --outfile ca.key

Generate a self-signed certficate from the key:

$ cat ca.template
expiration_days = 3650
dn              = "C=US,st=CA,L=SF,O=None,OU=None,CN=localhost"
email           = "ca@localhost"

$ certtool --generate-self-signed --hash sha512 --template=ca.template --load-privkey ca.key --outfile ca-cert.pem

Server Certificate

Generate a private key:

certtool --rsa --bits 2048 --generate-privkey --outfile server.key

Generate the certificate request:

$ cat server-csr.template
dn              = "C=US,st=CA,L=SF,O=None,OU=None,CN=server.local"
email           = "server@localhost"

$ certtool --generate-request --hash sha512 --template=server-csr.template --load-privkey server.key --outfile server-request.pem

Generate the server certificate:

$ cat server-cert.template
expiration_days = 730
serial          = 01

$ certtool --generate-certificate --hash sha512 --template=server-cert.template --load-ca-certificate ca-cert.pem --load-ca-privkey ca.key --load-request server-request.pem --outfile server-cert.pem

Client Certificate

Generate a private key:

certtool --rsa --bits 2048 --generate-privkey --outfile client.key

Generate the certificate request:

$ cat csr-client.template
dn              = "C=US,st=CA,L=SF,O=None,OU=None,CN=client.local"
email           = "client@localhost"

$ certtool --generate-request --hash sha512 --template=csr-client.template --load-privkey client.key --outfile client-request.pem

Generate the client certificate:

$ cat client-cert.template
expiration_days = 730
serial          = 02

$ certtool --generate-certificate --hash sha512 --template=client-cert.template --load-ca-certificate ca-cert.pem --load-ca-privkey ca.key --load-request client-request.pem --outfile client-cert.pem

Links