gnutls_certificate_get_issuer - Linux


gnutls_certificate_get_issuer is a library function used to retrieve the issuer information from a provided X.509 certificate. This is useful for tracing the chain of trust and verifying the certificate authority (CA) that issued the target certificate.


#include <gnutls/gnutls.h>

int gnutls_certificate_get_issuer(gnutls_certificate_type_t type,
                                  gnutls_datum_t cert, gnutls_x509_crt_t *issuer);




Retrieve the issuer from a certificate stored in a file:

#include <gnutls/gnutls.h>

int main(int argc, char *argv[]) {
  gnutls_certificate_type_t type = GNUTLS_CRT_X509;
  gnutls_datum_t cert = { .data = (unsigned char *)"certificate.pem",
                           .size = strlen("certificate.pem") };
  gnutls_x509_crt_t issuer;

  if (gnutls_certificate_get_issuer(type, cert, &issuer) == 0) {
    // issuer information is now available in the issuer variable
    // ... process the issuer information as needed


  return 0;

Common Issues

  • Ensure that the provided certificate is in a recognizable format (e.g., X.509).
  • Check the return value of the function to ensure successful retrieval of the issuer.


gnutls_certificate_get_issuer can be used with other GNUTLS functions to validate certificates and establish secure connections. For example, it can be used in conjunction with gnutls_certificate_get_dn to extract specific fields from the issuer’s distinguished name.

Related Commands

  • gnutls_certificate_get_subject
  • gnutls_certificate_get_subject_alt_name
  • gnutls_certificate_get_validity