Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 16.0-CURRENT FreeBSD 15.0-STABLE FreeBSD 14.3-RELEASE FreeBSD 14.3-RELEASE and Ports FreeBSD 14.3-STABLE FreeBSD 14.2-RELEASE FreeBSD 14.2-RELEASE and Ports FreeBSD 14.1-RELEASE FreeBSD 14.1-RELEASE and Ports FreeBSD 14.0-RELEASE FreeBSD 14.0-RELEASE and Ports FreeBSD 13.5-RELEASE FreeBSD 13.5-RELEASE and Ports FreeBSD 13.5-STABLE FreeBSD 13.4-RELEASE FreeBSD 13.4-RELEASE and Ports FreeBSD 13.3-RELEASE FreeBSD 13.3-RELEASE and Ports FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 14.3 FreeBSD Ports 14.3.quarterly FreeBSD Ports 14.2 FreeBSD Ports 14.1 FreeBSD Ports 14.0 FreeBSD Ports 13.5 FreeBSD Ports 13.4 FreeBSD Ports 13.3 FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.9 CentOS 7.8 CentOS 7.7 CentOS 7.6 CentOS 7.5 CentOS 7.4 CentOS 7.3 CentOS 7.2 CentOS 7.1 CentOS 7.0 CentOS 6.10 CentOS 6.9 CentOS 6.8 CentOS 6.7 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 14.0 unstable Debian 13.1.0 Debian 12.12.0 Debian 11.11.0 Debian 10.13.0 Debian 9.13.0 Debian 8.11.1 Debian 7.11.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 Debian 2.0.0 Dell UNIX SVR4 2.2 DragonFly 6.4.0 DragonFly 5.8.3 DragonFly 4.8.1 DragonFly 3.8.2 DragonFly 2.10.1 DragonFly 1.12.1 DragonFly 1.0A HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 Inferno 4th Edition IRIX 6.5.30 Linux Slackware 3.1 MACH 2.5/i386 macOS 26.0 macOS 15.7 macOS 14.8 macOS 13.6.5 macOS 12.7.3 macOS 11.1 macOS 10.15.0 macOS 10.13.6 macOS 10.12.0 Minix 3.3.0 Minix 3.2.1 Minix 3.2.0 Minix 3.1.7 Minix 3.1.6 Minix 3.1.5 Minix 2.0.0 NetBSD 10.1 NetBSD 10.0 NetBSD 9.4 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.3 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.2 NetBSD 7.1.2 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.2.3 NetBSD 5.2 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.8 OpenBSD 7.7 OpenBSD 7.6 OpenBSD 7.5 OpenBSD 7.4 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenDarwin 20030208pre4/ppc OpenIndiana 2024.10 OpenIndiana 2022.10 OpenIndiana 2020.10 OpenIndiana 2017.10 OpenIndiana 2015.10 OpenIndiana 2013.08 OpenSolaris 2010.03 OpenSolaris 2009.06 OpenStep 4.2 openSUSE 42.3 openSUSE 42.2 openSUSE 42.1 openSUSE 16.0 openSUSE 15.6 openSUSE 15.5 openSUSE 15.4 openSUSE 15.3 openSUSE 15.2 openSUSE 15.1 openSUSE 15.0 openSUSE 13.2 openSUSE 13.1 openSUSE 11.4 openSUSE 11.3 openSUSE 11.2 openSUSE 10.3 openSUSE 10.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips Plan 9 Red Hat 9.0 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Rhapsody DR1 Rhapsody DR2 Rocky 10.0 Rocky 9.6 Rocky 9.5 Rocky 9.4 Rocky 9.3 Rocky 9.2 Rocky 9.1 Rocky 9.0 Rocky 8.10 Rocky 8.9 Rocky 8.8 Rocky 8.7 Rocky 8.6 Rocky 8.5 Rocky 8.4 Rocky 8.3 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 Ubuntu 24.04 noble Ubuntu 23.10 mantic Ubuntu 22.04 jammy Ubuntu 20.04 focal Ubuntu 18.04 bionic Ubuntu 16.04 xenial Ubuntu 14.04 trusty ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

gnutls-serv(1)			 User Commands			gnutls-serv(1)

NAME
       gnutls-serv - GnuTLS server

SYNOPSIS
       gnutls-serv [-flags] [-flag [value]] [--option-name[[=| ]value]]

       All arguments must be options.

DESCRIPTION
       Server program that listens to incoming TLS connections.

OPTIONS
       -d num, --debug=num Enable debugging.  This option takes	an integer
       number as its argument.	The value of num is constrained	to being:
	   in the range	0 through 9999

       Specifies the debug level.

       --sni-hostname=str Server's hostname for	server name extension.

       Server name of type host_name that the server will recognise as its
       own. If the server receives client hello	with different name, it	will
       send a warning-level unrecognized_name alert.

       --sni-hostname-fatal Send fatal alert on	sni-hostname mismatch.

       --alpn=str Specify ALPN protocol	to be enabled by the server.  This op-
       tion may	appear an unlimited number of times.

       Specify the (textual) ALPN protocol for the server to use.

       --alpn-fatal Send fatal alert on	non-matching ALPN name.

       --noticket Don't	accept session tickets.

       --earlydata Accept early	data.

       --maxearlydata=num The maximum early data size to accept.  This option
       takes an	integer	number as its argument.	 The value of num is con-
       strained	to being:
	   in the range	1 through 2147483648

       --nocookie Don't	require	cookie on DTLS sessions.

       -g, --generate Generate Diffie-Hellman parameters.

       -q, --quiet Suppress some messages.

       --nodb Do not use a resumption database.

       --http Act as an	HTTP server.

       --echo Act as an	Echo server.

       --crlf Do not replace CRLF by LF	in Echo	server mode.

       -u, --udp Use DTLS (datagram TLS) over UDP.

       --mtu=num Set MTU for datagram TLS.  This option	takes an integer num-
       ber as its argument.  The value of num is constrained to	being:
	   in the range	0 through 17000

       --srtp-profiles=str Offer SRTP profiles.

       -a, --disable-client-cert Do not	request	a client certificate.  This
       option must not appear in combination with any of the following op-
       tions: require-client-cert.

       -r, --require-client-cert Require a client certificate.

       This option before 3.6.0	used to	imply --verify-client-cert.  Since
       3.6.0 it	will no	longer verify the certificate by default.

       --verify-client-cert If a client	certificate is sent then verify	it.

       Do not require, but if a	client certificate is sent then	verify it and
       close the connection if invalid.

       --compress-cert=str Compress certificate.  This option may appear an
       unlimited number	of times.

       This option sets	a supported compression	method for certificate com-
       pression.

       -b, --heartbeat Activate	heartbeat support.

       Regularly ping client via heartbeat extension messages

       --x509fmtder Use	DER format for certificates to read from.

       --priority=str Priorities string.

       TLS algorithms and protocols to enable. You can use predefined sets of
       ciphersuites such as PERFORMANCE, NORMAL, SECURE128, SECURE256. The de-
       fault is	NORMAL.

       Check  the  GnuTLS  manual  on  section	"Priority strings" for more
       information on allowed keywords

       --dhparams=file DH params file to use.

       --x509cafile=str	Certificate file or PKCS #11 URL to use.

       --x509crlfile=file CRL file to use.

       --pgpkeyfile=file PGP Key file to use.

       NOTE: THIS OPTION IS DEPRECATED

       --x509keyfile=str X.509 key file	or PKCS	#11 URL	to use.	 This option
       may appear an unlimited number of times.

       Specify the private key file or URI to use; it must correspond to the
       certificate specified in	--x509certfile.	Multiple keys and certificates
       can be specified	with this option and in	that case each occurrence of
       keyfile must be followed	by the corresponding x509certfile or
       vice-versa.

       --x509certfile=str X.509	Certificate file or PKCS #11 URL to use.  This
       option may appear an unlimited number of	times.

       Specify the certificate file or URI to use; it must correspond to the
       key specified in	--x509keyfile. Multiple	keys and certificates can be
       specified with this option and in that case each	occurrence of keyfile
       must be followed	by the corresponding x509certfile or vice-versa.

       --x509dsakeyfile	This is	an alias for the --x509keyfile option.

       NOTE: THIS OPTION IS DEPRECATED

       --x509dsacertfile This is an alias for the --x509certfile option.

       NOTE: THIS OPTION IS DEPRECATED

       --x509ecckeyfile	This is	an alias for the --x509keyfile option.

       NOTE: THIS OPTION IS DEPRECATED

       --x509ecccertfile This is an alias for the --x509certfile option.

       NOTE: THIS OPTION IS DEPRECATED

       --rawpkkeyfile=str Private key file (PKCS #8 or PKCS #12) or PKCS #11
       URL to use.  This option	may appear an unlimited	number of times.

       Specify the private key file or URI to use; it must correspond to the
       raw public-key specified	in --rawpkfile.	Multiple key pairs can be
       specified with this option and in that case each	occurrence of keyfile
       must be followed	by the corresponding rawpkfile or vice-versa.

       In order	to instruct the	application to negotiate raw public keys one
       must enable the respective certificate types via	the priority strings
       (i.e. CTYPE-CLI-* and CTYPE-SRV-* flags).

       Check  the  GnuTLS  manual  on  section	"Priority strings" for more
       information on how to set certificate types.

       --rawpkfile=str Raw public-key file to use.  This option	may appear an
       unlimited number	of times.  This	option must appear in combination with
       the following options: rawpkkeyfile.

       Specify the raw public-key file to use; it must correspond to the pri-
       vate key	specified in --rawpkkeyfile. Multiple key pairs	can be speci-
       fied with this option and in that case each occurrence of keyfile must
       be followed by the corresponding	rawpkfile or vice-versa.

       In order	to instruct the	application to negotiate raw public keys one
       must enable the respective certificate types via	the priority strings
       (i.e. CTYPE-CLI-* and CTYPE-SRV-* flags).

       Check  the  GnuTLS  manual  on  section	"Priority strings" for more
       information on how to set certificate types.

       --srppasswd=file	SRP password file to use.

       --srppasswdconf=file SRP	password configuration file to use.

       --pskpasswd=file	PSK password file to use.

       --pskhint=str PSK identity hint to use.

       --ocsp-response=str The OCSP response to	send to	client.	 This option
       may appear an unlimited number of times.

       If the client requested an OCSP response, return	data from this file to
       the client.

       --ignore-ocsp-response-errors Ignore any	errors when setting the	OCSP
       response.

       That option instructs gnutls to not attempt to match the	provided OCSP
       responses with the certificates.

       -p num, --port=num The port to connect to.  This	option takes an	inte-
       ger number as its argument.

       -l, --list Print	a list of the supported	algorithms and modes.

       Print a list of the supported algorithms	and modes. If a	priority
       string is given then only the enabled ciphersuites are shown.

       --provider=file Specify the PKCS	#11 provider library.

       This will override the default options in /usr/lo-
       cal/etc/gnutls/pkcs11.conf

       --keymatexport=str Label	used for exporting keying material.

       --keymatexportsize=num Size of the exported keying material.  This op-
       tion takes an integer number as its argument.

       --recordsize=num	The maximum record size	to advertise.  This option
       takes an	integer	number as its argument.	 The value of num is con-
       strained	to being:
	   in the range	0 through 16384

       --httpdata=file The data	used as	HTTP response.

       --timeout=num The timeout period	for server.  This option takes an in-
       teger number as its argument.

       --attime=timestamp Perform validation at	the timestamp instead of the
       system time.

       timestamp is an instance	in time	encoded	as Unix	time or	in a human
	readable timestring such as "29	Feb 2004", "2004-02-29".  Full docu-
       mentation available at <https://www.gnu.org/software/coreutils/man-
       ual/html_node/Date-input-formats.html> or locally via info '(coreutils)
       date invocation'.

       -v arg, --version=arg Output version of program and exit.  The default
       mode is `v', a simple version.  The `c' mode will print copyright in-
       formation and `n' will print the	full copyright notice.

       -h, --help Display usage	information and	exit.

       -!, --more-help Pass the	extended usage information through a pager.

       EXAMPLES
	      Running  your  own TLS server based on GnuTLS can	be useful when
	      debugging	clients	and/or GnuTLS itself.  This section  describes
	      how to use gnutls-serv as	a simple HTTPS server.

	      The most basic server can	be started as:

		  gnutls-serv --http --priority	"NORMAL:+ANON-ECDH:+ANON-DH"

	      It  will	only  support  anonymous  ciphersuites,	which many TLS
	      clients refuse to	use.

	      The next step is to add support for X.509.  First	we generate  a
	      CA:

		  $ certtool --generate-privkey	> x509-ca-key.pem
		  $ echo 'cn = GnuTLS test CA' > ca.tmpl
		  $ echo 'ca' >> ca.tmpl
		  $ echo 'cert_signing_key' >> ca.tmpl
		  $ certtool --generate-self-signed --load-privkey x509-ca-key.pem   --template	ca.tmpl	--outfile x509-ca.pem

	      Then  generate  a	 server	 certificate.	Remember to change the
	      dns_name value to	the name of your server	 host,	or  skip  that
	      command to avoid the field.

		  $ certtool --generate-privkey	> x509-server-key.pem
		  $ echo 'organization = GnuTLS	test server' > server.tmpl
		  $ echo 'cn = test.gnutls.org'	>> server.tmpl
		  $ echo 'tls_www_server' >> server.tmpl
		  $ echo 'encryption_key' >> server.tmpl
		  $ echo 'signing_key' >> server.tmpl
		  $ echo 'dns_name = test.gnutls.org' >> server.tmpl
		  $ certtool --generate-certificate --load-privkey x509-server-key.pem	 --load-ca-certificate x509-ca.pem --load-ca-privkey x509-ca-key.pem   --template server.tmpl --outfile	x509-server.pem

	      For  use	in  the	client,	you may	want to	generate a client cer-
	      tificate as well.

		  $ certtool --generate-privkey	> x509-client-key.pem
		  $ echo 'cn = GnuTLS test client' > client.tmpl
		  $ echo 'tls_www_client' >> client.tmpl
		  $ echo 'encryption_key' >> client.tmpl
		  $ echo 'signing_key' >> client.tmpl
		  $ certtool --generate-certificate --load-privkey x509-client-key.pem	 --load-ca-certificate x509-ca.pem --load-ca-privkey x509-ca-key.pem   --template client.tmpl --outfile	x509-client.pem

	      To be able to import the client key/certificate into some	appli-
	      cations, you will	need to	convert	them into a PKCS#12 structure.
	      This also	encrypts the security sensitive	key with a password.

		  $ certtool --to-p12 --load-ca-certificate x509-ca.pem	  --load-privkey x509-client-key.pem --load-certificate	x509-client.pem	  --outder --outfile x509-client.p12

	      For icing, we'll create a	proxy certificate for the client too.

		  $ certtool --generate-privkey	> x509-proxy-key.pem
		  $ echo 'cn = GnuTLS test client proxy' > proxy.tmpl
		  $ certtool --generate-proxy --load-privkey x509-proxy-key.pem	  --load-ca-certificate	x509-client.pem	--load-ca-privkey x509-client-key.pem	--load-certificate x509-client.pem --template proxy.tmpl   --outfile x509-proxy.pem

	      Then start the server again:

		  $ gnutls-serv	--http		   --x509cafile	x509-ca.pem		--x509keyfile x509-server-key.pem	      --x509certfile x509-server.pem

	      Try connecting to	the server using your web browser.  Note  that
	      the server listens to port 5556 by default.

	      While  you  are at it, to	allow connections using	ECDSA, you can
	      also create a ECDSA key and certificate for the  server.	 These
	      credentials will be used in the final example below.

		  $ certtool --generate-privkey	--ecdsa	> x509-server-key-ecc.pem
		  $ certtool --generate-certificate --load-privkey x509-server-key-ecc.pem   --load-ca-certificate x509-ca.pem --load-ca-privkey x509-ca-key.pem   --template server.tmpl --outfile x509-server-ecc.pem

	      The next step is to add support for SRP authentication. This re-
	      quires  an SRP password file created with	srptool.  To start the
	      server with SRP support:

		  gnutls-serv --http --priority	NORMAL:+SRP-RSA:+SRP		 --srppasswdconf srp-tpasswd.conf	      --srppasswd srp-passwd.txt

	      Let's also start a server	with support for PSK. This  would  re-
	      quire a password file created with psktool.

		  gnutls-serv --http --priority	NORMAL:+ECDHE-PSK:+PSK		   --pskpasswd psk-passwd.txt

	      If  you  want  a	server with support for	raw public-keys	we can
	      also add these credentials. Note however that there is no	 iden-
	      tity  information	linked to these	keys as	is the case with regu-
	      lar x509 certificates. Authentication must be done via different
	      means. Also we need to explicitly	enable raw public-key certifi-
	      cates via	the priority strings.

		  gnutls-serv --http --priority	NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK	     --rawpkfile srv.rawpk.pem		   --rawpkkeyfile srv.key.pem

	      Finally, we start	the server with	all the	earlier	parameters and
	      you get this command:

		  gnutls-serv --http --priority	NORMAL:+PSK:+SRP:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK	       --x509cafile x509-ca.pem		    --x509keyfile x509-server-key.pem		  --x509certfile x509-server.pem	     --x509keyfile x509-server-key-ecc.pem	       --x509certfile x509-server-ecc.pem	      --srppasswdconf srp-tpasswd.conf		   --srppasswd srp-passwd.txt		  --pskpasswd psk-passwd.txt		 --rawpkfile srv.rawpk.pem	       --rawpkkeyfile srv.key.pem

EXIT STATUS
       One of the following exit values	will be	returned:

       0  (EXIT_SUCCESS) Successful program execution.

       1  (EXIT_FAILURE) The operation failed or the command syntax was	not
       valid.

       SEE ALSO
	      gnutls-cli-debug(1), gnutls-cli(1)

AUTHORS
COPYRIGHT
       Copyright (C) 2020-2023 Free Software Foundation, and others all	rights
       reserved.  This program is released under the terms of the GNU  General
       Public License, version 3 or later

BUGS
       Please send bug reports to: bugs@gnutls.org

3.8.9				  08 Feb 2025			gnutls-serv(1)

---

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXIT STATUS | AUTHORS | COPYRIGHT | BUGS

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=gnutls-serv&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help

---

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact