On Wed, Nov 11, 1998, Kenneth Pettersson wrote:
> Joost Stegeman wrote:
> >Which field did you add? Did you remember to use the -nobscrit option
> >to remove the critical contraint. MS doesn't like that in a (CA) >cert.
>
> This sounds promising - at our first shot of creating a CA, we skipped
> the 'State' field (can't remember the abbreviation of this field
> though). This since SSLeay says it's ok to skip fields, and since the
> field isn't very relevant in Sweden. The -nobscrit option in combination
> with creating a CA, have I frankly not heard of - could someone tell me
> more about it?
The "-nobscrit" stands for "No Basic Contraint Critical" and so the option
says that the X.509 extension part named "Basic Constraint" is marked
non-critical. It basically/usally means that browsers should not reject a cert
just because they cannot handle this field.
> I have quickly scanned through the FAQ for the PKCS12 CA-fix, and seen
> the term there - is it the same option?
Yes, and the CA-fix you've seen is the same as mod_ssl uses under `make
certificate' (where -nobscrit is used, too).
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
