GnuTLS

This chapter describes the certtool GnuTLS certificate tool available in Oracle Linux and how to use it to create certificate signing requests (CSRs), self-signed certificates, and privately owned CA certificates. GnuTLS is a library that provides implementations of the SSL, TLS, and DTLS protocols, along with related technologies, to secure communications. It includes an application programming interface (API) written in C to access the secure communications protocols, and APIs to parse and write structures such as X.509, PKCS #12, and OpenPGP.

To use certtool, install the gnutls-utils package, available from the Application Stream repository:
    sudo dnf install gnutls-utils

The following examples show how to use the certtool command to create certificate signing requests, self-signed certificates, and privately owned CA certificates.

  • To generate a private key, run the following command, replacing private_key_file with the name of the private key file:
    sudo certtool --generate-privkey --outfile private_key_file
  • To generate a CSR, run the following command, replacing csr_file with the name of the CSR file:
    sudo certtool --generate-request --load-privkey private_key_file --outfile csr_file
  • To generate a self-signed certificate, run the following command, replacing self_signed_certificate_file with the name of the certificate file:
    sudo certtool --generate-self-signed --load-privkey private_key_file --outfile self_signed_certificate_file
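
Without a template, certtool asks for the certificate fields at the prompt. The following added example, which is not part of the original page, runs the same key, CSR, and self-signed certificate sequence unattended with a certtool template, then checks that the key file is owner-only and that the certificate carries the public key of that private key. The host name, file names, 90-day lifetime, and the unprivileged scratch directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: key -> CSR -> self-signed certificate, unattended, then verified.
# Constructed values: host.example.test, file names, 90-day lifetime.

make_cert_set() {            # $1 = existing, empty working directory
    (
        umask 077            # new files, including key.pem, are owner-only
        cd "$1" || exit 1
        # The template answers what certtool would otherwise ask at the prompt.
        cat > cert.cfg <<'EOF'
cn = "host.example.test"
dns_name = "host.example.test"
expiration_days = 90
tls_www_server
signing_key
encryption_key
EOF
        certtool --generate-privkey --outfile key.pem 2>/dev/null &&
        certtool --generate-request --load-privkey key.pem \
                 --template cert.cfg --outfile req.pem 2>/dev/null &&
        certtool --generate-self-signed --load-privkey key.pem \
                 --template cert.cfg --outfile cert.pem 2>/dev/null
    )
}

check_cert_set() {           # $1 = directory written by make_cert_set
    # 1. No group/other permission bits on the private key.
    [ "$(ls -l "$1/key.pem" 2>/dev/null | cut -c5-10)" = "------" ] || return 1
    # 2. The CSR's self-signature verifies.
    certtool --crq-info --infile "$1/req.pem" 2>&1 |
        grep -q 'Self signature: verified' || return 1
    # 3. The certificate names the expected subject.
    certtool --certificate-info --infile "$1/cert.pem" 2>/dev/null |
        grep -q 'CN=host.example.test' || return 1
    # 4. The certificate's public key is the one derived from key.pem.
    from_key=$(certtool --pubkey-info --no-text --load-privkey "$1/key.pem" 2>/dev/null)
    from_crt=$(certtool --pubkey-info --no-text --load-certificate "$1/cert.pem" 2>/dev/null)
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

if command -v certtool >/dev/null 2>&1; then
    work=$(mktemp -d) && make_cert_set "$work" && check_cert_set "$work" &&
        echo "certificate set verified in $work" || echo "verification failed" >&2
fi
```

Check 4 is the one that catches a certificate file paired with the wrong private key, for example after a key was regenerated but the certificate was not.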

For more information, see the certtool(1) manual page and the GnuTLS open source project at https://www.gnutls.org/.