Bug#752272: Last certificate not self-signed
Andreas Metzler
ametzler at bebt.de
Sun Jun 22 06:22:49 UTC 2014
On 2014-06-22 Jo Drexl <jo.drexl at poly-tick.de> wrote:
> After installing the stable package and rerunning 'certtool -e
> --load-ca-certificate cacert.pem --infile servercert.pem', the outcome
> was:
[...]
> It seems the self-sign for snakeoil CAs is broken.
> Good luck, I don't think I'm of much use here, still playing around and
> trying to find out what I'm doing here ;)
Hell,
You are trying to use -e but you are passing a single certificate
instead of a certificate chain.
| -e, --verify-chain
| Verify a PEM encoded certificate chain.
|
| The last certificate in the chain must be a self signed one.
If you used --verify instead the command would succeed.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-gnutls-maint
mailing list