The CA certificate you have now plainly says that it is good only for signing object signing certs. If you want it to be valid for other purposes, such as for issuing SSL server certs, you must put those other purposes into the extended Key Usage extension.
My original intent was for object signing only. Our intranet servers already have self signed certificates that were created with OpenSSL. In the back of my mind I was thinking of using this CA cert and generating new SSL certificates from that. I probably was not very consistant in regard to that because I was getting lost in the details. I can work that out later so for purposes of this thread, object signing is the only needed use.
Bryan White _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
