Thank you for your response.
I am basically skipping 20 years of PKI development and trying to get to
current best practices...
On 08/17/2017 09:50 AM, Erwann Abalea via openssl-users wrote:
Bonjour,
Le 17 août 2017 à 15:20, Robert Moskowitz a écrit :
Should
Bonjour,
> Le 17 août 2017 à 15:20, Robert Moskowitz a écrit :
>
> Should digitalSignature be included in keyusage in CA certs?
It depends on what you plan to do with the corresponding private key.
If you want this private key to sign messages other than certificates and
AFAIK it must.
Regards,
Uri
Sent from my iPhone
> On Aug 17, 2017, at 09:21, Robert Moskowitz wrote:
>
> Should digitalSignature be included in keyusage in CA certs?
>
>
> https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
>
> Includes