@deftypefun {int} {gnutls_certificate_set_x509_key_file2} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags})
@var{res}: is a @code{gnutls_certificate_credentials_t}  structure.

@var{certfile}: is a file that containing the certificate list (path) for
the specified private key, in PKCS7 format, or a list of certificates

@var{keyfile}: is a file that contains the private key

@var{type}: is PEM or DER

@var{pass}: is the password of the key

@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t

This function sets a certificate/private key pair in the
gnutls_certificate_credentials_t structure.  This function may be
called more than once, in case multiple keys/certificates exist for
the server.  For clients that need to send more than its own end
entity certificate, e.g., also an intermediate CA cert, then the
 @code{certfile} must contain the ordered certificate chain.

Note that the names in the certificate provided will be considered
when selecting the appropriate certificate to use (in case of multiple
certificate/key pairs).

This function can also accept URLs at  @code{keyfile} and  @code{certfile} . In that case it
will import the private key and certificate indicated by the URLs. Note
that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} .

In case the  @code{certfile} is provided as a PKCS @code{11}  URL, then the certificate, and its
present issuers in the token are are imported (i.e., the required trust chain).

@strong{Returns:} @code{GNUTLS_E_SUCCESS}  (0) on success, or a negative error code.
@end deftypefun