GnuTLS
Installation
sudo apt-get install gnutls-bin   # Debian / Ubuntu
sudo dnf install gnutls-utils     # Fedora
sudo zypper install gnutls        # openSUSE
Usage
CA
Generate a private key:
certtool --rsa --bits 2048 --generate-privkey --outfile ca.key
Generate a self-signed certificate from the key:
$ cat ca.template
expiration_days = 3650
dn = "C=US,st=CA,L=SF,O=None,OU=None,CN=localhost"
email = "ca@localhost"
# Mark the certificate as a CA that is allowed to sign other certificates
ca
cert_signing_key
$ certtool --generate-self-signed --hash sha512 --template=ca.template --load-privkey ca.key --outfile ca-cert.pem
Server Certificate
Generate a private key:
certtool --rsa --bits 2048 --generate-privkey --outfile server.key
Generate the certificate request:
$ cat server-csr.template
dn = "C=US,st=CA,L=SF,O=None,OU=None,CN=server.local"
email = "server@localhost"
$ certtool --generate-request --hash sha512 --template=server-csr.template --load-privkey server.key --outfile server-request.pem
Generate the server certificate:
$ cat server-cert.template
expiration_days = 730
serial = 01
$ certtool --generate-certificate --hash sha512 --template=server-cert.template --load-ca-certificate ca-cert.pem --load-ca-privkey ca.key --load-request server-request.pem --outfile server-cert.pem
Client Certificate
Generate a private key:
certtool --rsa --bits 2048 --generate-privkey --outfile client.key
Generate the certificate request:
$ cat csr-client.template
dn = "C=US,st=CA,L=SF,O=None,OU=None,CN=client.local"
email = "client@localhost"
$ certtool --generate-request --hash sha512 --template=csr-client.template --load-privkey client.key --outfile client-request.pem
Generate the client certificate:
$ cat client-cert.template
expiration_days = 730
serial = 02
$ certtool --generate-certificate --hash sha512 --template=client-cert.template --load-ca-certificate ca-cert.pem --load-ca-privkey ca.key --load-request client-request.pem --outfile client-cert.pem
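A pre-signing check for the three kinds of certificate template used above, added here as an example (it is not part of the original page or of GnuTLS). The function names, the role names ca/server/client and the policy are assumptions of this example: a CA template must set ca and cert_signing_key, a server template tls_www_server and dns_name, a client template tls_www_client, and dup_serials reports hand-assigned serial values reused across templates.

```shell
#!/bin/sh
# Added example, not from the original page. Role names and function
# names are this example's own; the template keys are certtool's.

# has_key FILE KEY: true if FILE sets KEY as a bare flag ("ca") or as an
# assignment ("dns_name = ..."). Commented-out lines do not match.
has_key() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*(=|\$)" "$1"
}

# lint_template ROLE FILE: print one line per finding; return 1 if any.
lint_template() {
    role=$1; file=$2; bad=0
    case $role in
        ca)     required="ca cert_signing_key" ;;
        server) required="tls_www_server dns_name" ;;
        client) required="tls_www_client" ;;
        *)      echo "unknown role: $role" >&2; return 2 ;;
    esac
    for key in $required; do
        has_key "$file" "$key" && continue
        echo "$file: missing '$key' ($role)"; bad=1
    done
    # Only the CA template may ask for CA or certificate-signing rights.
    if [ "$role" != ca ]; then
        for key in ca cert_signing_key; do
            has_key "$file" "$key" || continue
            echo "$file: '$key' set on a $role template"; bad=1
        done
    fi
    return "$bad"
}

# dup_serials FILE...: print every serial value used by more than one
# template. The comparison is textual, so "01" and "1" count as different.
dup_serials() {
    sed -n 's/^[[:space:]]*serial[[:space:]]*=[[:space:]]*//p' "$@" |
        sed 's/[[:space:]]*$//' | sort | uniq -d
}

# Stand-alone use: sh <this file> ROLE FILE
if [ "$#" -eq 2 ]; then lint_template "$1" "$2"; fi
```

Run against server-cert.template as shown above (lifetime and serial only), the check reports tls_www_server and dns_name as missing.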