On 2016-04-04 at 16:06 +0530, Geetika Kapoor wrote: > Hi, > > I think your missing on -. > > command should be > certutil -A -d . -n foo -i TooatCA.pem --extNC -t "C,C,C" > > Thanks
Indeed. Thanks Geetika. Still, albeit this makes a certificate generation to prompt for the name contraints (I'd make the prompt more explicit than «Enter data», though) when running: certutil -S -d . -s "CN=Example.org" -n my-ca-cert -x -t "C,C,C" --extNC I see no difference for certutil -A -d . -n foo -i TooatCA.pem --extNC -t "C,C,C" There is no prompt, and the existing root is added unconstrained. :-( -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
