Your company here — click to reach over 10,000 unique daily visitors

gnutls_x509_crt_privkey_sign - Man Page

API function


#include <gnutls/abstract.h>

int gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key, gnutls_digest_algorithm_t dig, unsigned int flags);


gnutls_x509_crt_t crt

a certificate of type gnutls_x509_crt_t

gnutls_x509_crt_t issuer

is the certificate of the certificate issuer

gnutls_privkey_t issuer_key

holds the issuer's private key

gnutls_digest_algorithm_t dig

The message digest to use, GNUTLS_DIG_SHA256 is a safe choice

unsigned int flags

must be 0


This function will sign the certificate with the issuer's private key, and will copy the issuer's information into the certificate.

This must be the last step in a certificate generation since all the previously set parameters are now signed.

A known limitation of this function is, that a newly-signed certificate will not be fully functional (e.g., for signature verification), until it is exported an re-imported.

After GnuTLS 3.6.1 the value of  dig may be GNUTLS_DIG_UNKNOWN, and in that case, a suitable but reasonable for the key algorithm will be selected.


On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit



3.8.6 gnutls