[EMAIL PROTECTED] wrote: > > Hi, > I want to generate a pkcs10 request with req command line tool but I > don't > know how to specify a particular key usage. > I know I have to work in openssl.cnf line marked 'req_extension'... what > kind of string has to be added in that line? >
Its req_extensions and you have to add a section name. The syntax of that section is the same as other extensions, see doc/openssl.txt for detailed information. For example: req_extensions = ext_req ... [ext_req] keyUsage = critical, digitalSignature, nonRepudiation A CA may ignore request extension information. OpenSSLs 'ca' command ignores request extension except in the latest development snapshot where this is an option to copy them to the certificate. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]