Patrick wrote: > > It looks like CMS by default has the following key usages when creating a > new SSL server certificate: > Digital Signature > Non Repudiation > Key Encipherment > Data Encipherment > > But doesn't the X.509 standard require only Key Encipherment for SSL Server > apps?
X.509 does not speak to usage by SSL servers, AFAIK. > Do SSL server certs typically come with all these usages? Couldn't say. > Would a SSL server cert with *only the Key Encipherment* usage be OK > for an SSL/NSS Server app? As long as the public key in the cert was an RSA public key (as opposed to some other type, such as DSA), then yes. NSS would allow it to be used as an SSL server cert. > > -- POC -- Nelson Bolyard Disclaimer: I speak for myself, not for Netscape
