Re: RE : [Openca-Users] SSL Certificate

jolo tolo Tue, 23 Dec 2003 14:42:47 -0800

hello!
thanks for the answer!

but with basicConstraints = CA:false
keyUsage = cRLSign, keyCertSign
nsCertType = sslCA, emailCA


obtain this output whit
bash_jolo# openssl x509 -in cert.pem -purpose

Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : No
SSL server CA : No
Netscape SSL server : No
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : Yes
CRL signing CA : No
Any Purpose : Yes    <-------- this shuld be NO
Any Purpose CA : Yes <--------        "
OCSP helper : Yes
OCSP helper CA : No

in the field "Certificate Intended Purposes" is still appears <ALL>
and I am create my certificate anly for Secure Email, Server and Client 
Aunthentication 

i'dont know whats happend?
anywone can help me. please!!!

leo




> 
> If you have support for all the extensions, maybe you have forgotten to set
> basicConstraints = CA:false, this should help.
> 
> I've not fully found the answer for your first question, but :
> nsComment= "My company's Certification Authority Certificate"
> gives information about the certificate, not the issuer. Since it's common
> to every issued certificate of the same type, you can use it for giving
> information about your CA, I guess.
> Or else there is a "friendly name" parameter but I haven't played with it.
> 
> Regardes,
> 
> Barbara Post
> 
> PS : please post in plain text format.
> 
> -----Message d'origine-----
> De : [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] De la part de jolo tolo
> Envoy� : mardi 23 d�cembre 2003 00:39
> � : [EMAIL PROTECTED]
> Objet : [Openca-Users] SSL Certificate
> 
> 
> Hi everyone!
> I have two quesion:
> anyone knows which field, in the openssl.cnf file "put on" the link for the
> Statement of  Emitter (Declaration of the Emitter) this field is used for
> give more information about the CA.
> and a second questions is in the same file (openssl.cnf) which fiel or what
> statement is necesary for "raised propositos of the certificate"
> I probe which
>  nsCerType = sslCA, emailCA
> and 
> keyUsage = cRLSign, keyCertSign
> in the field v3_ca, but I still have support for all the extensions in the
> certificate create...
> thaks and sorry my poor english
> Leonardo Uzcategui
> Grupo de Seguridad de Computo
> Universidad de Los Andes
> M�rida -- Venezuela
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click
> _______________________________________________
> Openca-Users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/openca-users

-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Re: RE : [Openca-Users] SSL Certificate

Reply via email to