This helps - thanks a lot I guess in the current version of OpenCA i can choose in a CertReq beetwen MS IE and Netscape specific Types but not between the kind of Cert ( encrypting or signing or ssl client or obj signing ). If i am right - is it in planning for the near future ?
Thanks and Regards, Robert Massimiliano Pala schrieb: > Robert Hannemann wrote: > > > > Hello, > > Hi, > > > Wich extensions should have a CA cert to be able for signing SSL Client Certs - > > and wich extensions ( in openssl.cnf ) the Client Cert must have ? > > Well, you can have a look into the openssl/docs directory (openssl.txt) > where there is an extensions description. Anyway a CA is enabled to sign > any kind of certificate, just set the CA:TRUE in the basicConstains, you > can also use the sslCA in the nsCertType but it is not requested. For > clients you can use: > > nsCertType=client, email > keyUsage=digitalSignature,keyEncipherment,dataEncipherment, > keyAgreement > > (digital signature is not required, I guess, but suggested) > > Hope this helps. Don't forget to post your questions to the mailing lists > (users) for the sake of all the subscribers... :-D > > -- > > C'you, > > Massimiliano Pala > > --o------------------------------------------------------------------------- > Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED] > [EMAIL PROTECTED] > [EMAIL PROTECTED] > http://www.openca.org Tel.: +39 (0)59 270 094 > http://openca.sourceforge.net Mobile: +39 (0)347 7222 365 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
