Thanks a lot Robert,
But... I am still wondering what it means in simple english ???
All I understand is I probably need to have a new extension file called say
"OCSP_Validator.ext" (say a copy of Web_Server.ext), and add the following line just
below keyUsage line :
extendedKeyUsage = OCSPSigning
This is what I did, based on above, but did not succeed :
1. I created a csr using openssl (config :
/usrlocal/openca/OpenCA/etc/openssl/openssl.cnf)
2. Used OpenCA to request for a server cert for the above csr.
3. Modified Web_Server.ext to add line --- extendedKeyUsage = OCSPSigning (just below
keyUsage).
4. Edit and Approve cert at RA.
5. At CA : Issue cert : Gave the following error :
Error 690
Configuration Error. Error while storing role in cert-object.
Would appreciate if there are any more details on setting this.
Thanks
Pramila
-----Original Message-----
From: Robert Hannemann [mailto:[EMAIL PROTECTED]]
Sent: 12 June 2002 12:33
To: Pramila Rani
Cc: [EMAIL PROTECTED]; Openca-Users (E-mail)
Subject: Re: [Openca-Users] OpenCA-OCSPD
Hi,
this is, what Massimiliano anwsered me some weeks ago:
"Simply use an extension where the OCSPSigning is set in the extendedkeyusage
extension."
Regards,
Robert
_______________________________________________________________
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
