GnuTLS

This chapter describes certtool, the GnuTLS certificate tool that is available in Oracle Linux, and how to use it to create certificate signing requests (CSRs), self-signed certificates, and privately owned CA certificates. GnuTLS is a library that implements the SSL, TLS, and DTLS protocols and the technologies around them for the purpose of securing communications. It includes an application programming interface (API) written in the C language to access the secure communications protocols, and additional APIs to parse and write structures such as X.509, PKCS #12, and OpenPGP.

To use certtool, install the gnutls-utils package available from the Application Stream repository.

    sudo dnf install gnutls-utils

The following examples show how to use the certtool command to create certificate signing requests, self-signed certificates, and privately owned CA certificates.

  • To generate a private key, do the following:

    sudo certtool --generate-privkey --outfile private_key_file

    In the previous example, private_key_file is the name of the private key file.

  • To generate a CSR, do the following:

    sudo certtool --generate-request --load-privkey private_key_file --outfile csr_file

    In the previous example, csr_file is the name of the CSR file.

  • To generate a self-signed certificate, do the following:

    sudo certtool --generate-self-signed --load-privkey private_key_file --outfile self_signed_certificate_file
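
The three steps above can also be run without interactive prompts by giving certtool a template file with the --template option. The following is an added example, not part of the original Oracle documentation: the function names, the server.tmpl file name, and the template values are constructed placeholders, and it assumes it is run as the user who owns the target directory.

```shell
#!/bin/sh
# Added example: certtool driven by a template file so that it never prompts.
# Function names, file names and template values are constructed placeholders.

# write_template DIR: write the answers certtool would otherwise ask for.
write_template() {
    cat > "$1/server.tmpl" <<'EOF'
# Constructed sample values for a TLS server certificate
organization = "Example Org"
cn = "server.example.com"
dns_name = "server.example.com"
expiration_days = 90
tls_www_server
signing_key
encryption_key
EOF
}

# make_self_signed DIR: create key, CSR and self-signed certificate in DIR.
# The body is a subshell, so umask and cd do not leak into the caller.
make_self_signed() (
    umask 077                 # every file created here is owner-only (0600)
    cd "$1" || exit 1
    certtool --generate-privkey --outfile private_key_file &&
    certtool --generate-request --load-privkey private_key_file \
             --template server.tmpl --outfile csr_file &&
    certtool --generate-self-signed --load-privkey private_key_file \
             --template server.tmpl --outfile self_signed_certificate_file
)

# key_mode FILE: symbolic permission bits of FILE, for example -rw-------
key_mode() {
    ls -l "$1" | cut -c1-10
}

# show_results DIR: print what was actually issued, for review before use.
show_results() {
    certtool --crq-info --infile "$1/csr_file"
    certtool --certificate-info --infile "$1/self_signed_certificate_file"
}
```

After sourcing the file, call write_template, make_self_signed, and show_results in that order with the same directory, and confirm that key_mode reports -rw------- for private_key_file before deploying the key.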

For more information, see the certtool(1) manual page and the GnuTLS open source project at https://www.gnutls.org/.