TLS server key and certificate generation


TLS server key and certificate generation

by Jawad

Hi,

I am trying to set up an OpenXcap server and in doing so I encounter the following error. So can someone suggest how to generate a TLS server certificate and key for the OpenXcap server?

Sep 23 16:13:55 jawad-desktop openxcap[2710]: fatal error: the TLS certificates or the private key could not be loaded


--
Regards
Jawad Hussain

_______________________________________________
Help-gnutls mailing list
Help-gnutls@...
http://lists.gnu.org/mailman/listinfo/help-gnutls

Re: TLS server key and certificate generation

by Simon Josefsson-2

Jawad hussain <jawad.ssuet@...> writes:

> Hi,
>
> I am trying to set up an OpenXcap server and in doing so I encounter
> the following error. So can someone suggest how to generate a TLS server
> certificate and key for the OpenXcap server?
>
> Sep 23 16:13:55 jawad-desktop openxcap[2710]: fatal error: the TLS
> certificates or the private key could not be loaded

There is not much information to go on here, can you provide more
information on what commands you invoke and the files you use as input?
I'm not familiar with OpenXcap though, so you may find better answers on
an OpenXcap forum.

Generating keys and certificates is covered in the GnuTLS manual:

http://www.gnu.org/software/gnutls/manual/html_node/Invoking-certtool.html

I blogged about how to create CACert keys/certs some time ago:

http://blog.josefsson.org/2009/04/16/cacert-and-gnutls/

/Simon



Re: TLS server key and certificate generation

by Jawad


Thanks,

Actually, for OpenXCAP to work I have to generate one server.crt and server.key by using gnutls (as this is only one post on the OpenXCAP forum) and put them under my openxcap/tls folder, so those would be my server certificate and key. By the time I emailed, I was unable to find a method to do this with gnutls, so I did this with openssl, but I struggled to load the cert/key with openssl.

On the OpenXCAP website this is the only information about certificates.

"When using TLS you must generate an X.509 certificate and a key. Consult Internet resources for how to do this. The procedure is the same as for any other TLS server like Apache web server."

I generated a certificate and private key for the OpenXCAP server by using openssl as follows.

- openssl genrsa -des3 -out server.key 1024
- openssl req -new -key server.key -out server.csr
- openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt


So in short, I have to generate one server certificate and private key using gnutls. I will follow the procedures in the links you provided and will report whether that works. I have installed gnutls but haven't seen the certtool command?


Regards,
Jawad Hussain
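
An added example, not part of the original thread or of OpenXCAP: a pre-flight check for the server.key and server.crt files that the commands above produce. `openssl genrsa -des3` writes a passphrase-protected PEM key, which a daemon can load only if it is given the passphrase; the sketch reports that, and a CSR placed where a certificate is expected. The function names and the sample PEM text are constructed for this example.

```python
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Yield (label, encrypted) for every PEM block found in text."""
    for m in PEM_BLOCK.finditer(text):
        label, body = m.group(1), m.group(2)
        # Traditional OpenSSL keys flag encryption with RFC 1421 headers;
        # PKCS#8 keys carry it in the block label itself.
        legacy = re.search(r"^Proc-Type:\s*4,\s*ENCRYPTED", body, re.M) is not None
        yield label, legacy or label == "ENCRYPTED PRIVATE KEY"

def preflight(key_text, cert_text):
    """Return the problems that would stop an unattended server start."""
    problems = []
    keys = [(l, e) for l, e in pem_blocks(key_text) if l.endswith("PRIVATE KEY")]
    if not keys:
        problems.append("key file: no PEM private key block")
    elif any(e for _, e in keys):
        problems.append("key file: private key is passphrase-protected")
    labels = [l for l, _ in pem_blocks(cert_text)]
    if "CERTIFICATE" not in labels:
        found = ", ".join(labels) or "nothing"
        problems.append("cert file: no CERTIFICATE block (found %s)" % found)
    return problems

# Constructed sample input; the base64 bodies are placeholders, not real keys.
ENCRYPTED_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
CSR = "-----BEGIN CERTIFICATE REQUEST-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE REQUEST-----\n"

if __name__ == "__main__":
    cases = [("des3 key", ENCRYPTED_KEY, CERT), ("csr as cert", PLAIN_KEY, CSR),
             ("plain key + cert", PLAIN_KEY, CERT)]
    for name, key, cert in cases:
        print(name, "->", preflight(key, cert) or "no problems found")
```

The check only reads PEM framing; it does not verify that the key and the certificate belong together.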


Re: TLS server key and certificate generation

by Simon Josefsson-2

"jawad.ssuet" <jawad.ssuet@...> writes:

> I have installed gnutls but haven't seen the certtool command?

It is part of the GnuTLS distribution.  If you installed a dpkg/rpm or
similar you need to make sure you get all components.

/Simon



Re: TLS server key and certificate generation

by Jawad


Thanks,

Now I got one error related to GNUTLS, so can you please help in resolving this?

Sep 25 18:29:03 jawad-desktop openxcap[2781]: Log opened.
Sep 25 18:29:03 jawad-desktop openxcap[2781]: Starting OpenXCAP 1.1.2
Sep 25 18:29:04 jawad-desktop openxcap[2781]: /etc/openxcap/openxcap-1.1.2/xcap/tweaks.py:1: exceptions.DeprecationWarning: the md5 module is deprecated; use hashlib instead

Sep 25 18:29:04 jawad-desktop openxcap[2781]: fatal error: failed to create OpenXCAP 1.1.2: /usr/local/lib/libgnutls.so.26: undefined symbol: gnutls_certificate_get_x509_cas

Sep 25 18:29:04 jawad-desktop openxcap[2781]: Traceback (most recent call last):
Sep 25 18:29:04 jawad-desktop openxcap[2781]: --- <exception caught here> ---
Sep 25 18:29:04 jawad-desktop openxcap[2781]:   File "./openxcap", line 61, in <module>
Sep 25 18:29:04 jawad-desktop openxcap[2781]:     from xcap.server import XCAPServer
Sep 25 18:29:04 jawad-desktop openxcap[2781]:   File "/etc/openxcap/openxcap-1.1.2/xcap/server.py", line 24, in <module>
Sep 25 18:29:04 jawad-desktop openxcap[2781]:     from xcap.tls import Certificate, PrivateKey
Sep 25 18:29:04 jawad-desktop openxcap[2781]:   File "/etc/openxcap/openxcap-1.1.2/xcap/tls.py", line 8, in <module>
Sep 25 18:29:04 jawad-desktop openxcap[2781]:     from gnutls.crypto import X509Certificate,  X509PrivateKey
Sep 25 18:29:04 jawad-desktop openxcap[2781]:   File "/usr/lib/pymodules/python2.6/gnutls/crypto.py", line 11, in <module>
Sep 25 18:29:04 jawad-desktop openxcap[2781]:     from gnutls.validators import method_args, one_of
Sep 25 18:29:04 jawad-desktop openxcap[2781]:   File "/usr/lib/pymodules/python2.6/gnutls/validators.py", line 9, in <module>
Sep 25 18:29:04 jawad-desktop openxcap[2781]:     from gnutls.constants import *
Sep 25 18:29:04 jawad-desktop openxcap[2781]:   File "/usr/lib/pymodules/python2.6/gnutls/constants.py", line 38, in <module>
Sep 25 18:29:04 jawad-desktop openxcap[2781]:     from gnutls.library import constants
Sep 25 18:29:04 jawad-desktop openxcap[2781]:   File "/usr/lib/pymodules/python2.6/gnutls/library/__init__.py", line 7, in <module>
Sep 25 18:29:04 jawad-desktop openxcap[2781]:     from gnutls.library import errors
Sep 25 18:29:04 jawad-desktop openxcap[2781]:   File "/usr/lib/pymodules/python2.6/gnutls/library/errors.py", line 15, in <module>
Sep 25 18:29:04 jawad-desktop openxcap[2781]:     from gnutls.library.functions import gnutls_strerror, gnutls_alert_get
Sep 25 18:29:04 jawad-desktop openxcap[2781]:   File "/usr/lib/pymodules/python2.6/gnutls/library/functions.py", line 505, in <module>
Sep 25 18:29:04 jawad-desktop openxcap[2781]:     gnutls_certificate_get_x509_cas = _libraries['libgnutls.so.26'].gnutls_certificate_get_x509_cas
Sep 25 18:29:04 jawad-desktop openxcap[2781]:   File "/usr/lib/python2.6/ctypes/__init__.py", line 366, in __getattr__
Sep 25 18:29:04 jawad-desktop openxcap[2781]:     func = self.__getitem__(name)
Sep 25 18:29:04 jawad-desktop openxcap[2781]:   File "/usr/lib/python2.6/ctypes/__init__.py", line 371, in __getitem__
Sep 25 18:29:04 jawad-desktop openxcap[2781]:     func = self._FuncPtr((name_or_ordinal, self))
Sep 25 18:29:04 jawad-desktop openxcap[2781]: exceptions.AttributeError: /usr/local/lib/libgnutls.so.26: undefined symbol: gnutls_certificate_get_x509_cas

Regards,
Jawad Hussain


Re: TLS server key and certificate generation

by Simon Josefsson-2

Jawad hussain <jawad.ssuet@...> writes:

> Thanks,
>
> Now I got one error related to GNUTLS, so can you please help in resolving
> this?
>
> Sep 25 18:29:03 jawad-desktop openxcap[2781]: Log opened.
> Sep 25 18:29:03 jawad-desktop openxcap[2781]: Starting OpenXCAP 1.1.2
> Sep 25 18:29:04 jawad-desktop openxcap[2781]:
> /etc/openxcap/openxcap-1.1.2/xcap/tweaks.py:1:
> exceptions.DeprecationWarning: the md5 module is deprecated; use hashlib
> instead
>
> Sep 25 18:29:04 jawad-desktop openxcap[2781]: *fatal error: failed to create
> OpenXCAP 1.1.2: /usr/local/lib/libgnutls.so.26: undefined symbol:
> gnutls_certificate_get_x509_cas*

You may need a newer GnuTLS version, that symbol was added in 2.4.0.

/Simon
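
An added example, not part of the original thread or of python-gnutls: it repeats the ctypes lookup that fails in the traceback and reports which library file was actually mapped, its version, and whether it meets the 2.4.0 minimum named above. The soname and symbol are the ones in the log; `mapped_path`, `check_gnutls` and the report layout are assumptions of this sketch, and the path lookup is Linux-only.

```python
import ctypes

# Symbol from the traceback above; 2.4.0 is the version named in the reply.
REQUIRED = ["gnutls_certificate_get_x509_cas"]
MIN_VERSION = b"2.4.0"

def missing_symbols(lib, names):
    """Return the names that the loaded library does not export."""
    return [n for n in names if not hasattr(lib, n)]

def mapped_path(soname):
    """Linux only: the file the dynamic loader actually mapped for soname."""
    try:
        with open("/proc/self/maps") as maps:
            for line in maps:
                path = line.split(None, 5)[-1].strip()
                if path.startswith("/") and soname in path:
                    return path
    except OSError:
        pass
    return None

def check_gnutls(soname="libgnutls.so.26", required=REQUIRED, min_version=MIN_VERSION):
    """Load soname the way ctypes-based bindings do and describe what was found."""
    report = {"soname": soname, "loaded": False, "path": None,
              "version": None, "version_ok": False, "missing": list(required)}
    try:
        lib = ctypes.CDLL(soname)
    except OSError:
        return report  # not installed, or not on the loader's search path
    report.update(loaded=True, path=mapped_path(soname),
                  missing=missing_symbols(lib, required))
    if hasattr(lib, "gnutls_check_version"):
        check = lib.gnutls_check_version
        check.restype = ctypes.c_char_p
        check.argtypes = [ctypes.c_char_p]
        version = check(None)  # NULL argument: return the library's version
        report["version"] = version.decode() if version else None
        report["version_ok"] = check(min_version) is not None
    return report

if __name__ == "__main__":
    print(check_gnutls())
```

A `path` under a different prefix than the distribution's package, such as the /usr/local/lib copy in the log, means the loader is picking up another build than the one the bindings were packaged for.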



Re: TLS server key and certificate generation

by Jawad

On Sat, Sep 26, 2009 at 11:59 AM, Simon Josefsson <simon@...> wrote:
> Jawad hussain <jawad.ssuet@...> writes:
>
>> Thanks,
>>
>> Now I got one error related to GNUTLS, so can you please help in resolving
>> this?
>>
>> Sep 25 18:29:03 jawad-desktop openxcap[2781]: Log opened.
>> Sep 25 18:29:03 jawad-desktop openxcap[2781]: Starting OpenXCAP 1.1.2
>> Sep 25 18:29:04 jawad-desktop openxcap[2781]:
>> /etc/openxcap/openxcap-1.1.2/xcap/tweaks.py:1:
>> exceptions.DeprecationWarning: the md5 module is deprecated; use hashlib
>> instead
>>
>> Sep 25 18:29:04 jawad-desktop openxcap[2781]: *fatal error: failed to create
>> OpenXCAP 1.1.2: /usr/local/lib/libgnutls.so.26: undefined symbol:
>> gnutls_certificate_get_x509_cas*
>
> You may need a newer GnuTLS version, that symbol was added in 2.4.0.
>
> /Simon


Thanks Simon,

Yes, you are right and I really appreciate your support.


Regards,
Jawad Hussain


