On Fri, 2004-09-24 at 03:22, Michael Bell wrote:
> > Shouldn't my first cert have basicConstraints CA:true instead of
> > CA:FALSE?
> 
> I think you are a little bit confused.

You're right.  I was.  Thanks for clearing that up.  :-)

> 
> 1. A root CA certificate is the self-signed certificate of the CA. This 
> certificate only signs other certificates and CRLs. CA:FALSE shows me 
> that you try to download a normal certificate. You must import the CA 
> certificate as signer (CA) certificate.
> 
> 2. The first certificate is the first certificate signed by the CA. This 
> certificate must have CA:FALSE because it is usually not the 
> certificate of a sub CA.

Yesterday, I used the /pub page, chose Certificates, and then chose
Valid and downloaded all 6 certificates that I've generated with this
installation of OpenCA going by certificate serial numbers.

After reading your reply, I looked for other methods to get the root CA
certificate as a signer and this time used the CA Infos and Get CA
Certificate links and when I examine this certificate, it does have
CA:TRUE, and I see that the serial number for this root CA certificate
is serial number 0 (which was not present in the list of certificates
that I generated with the previous method---probably by design, I
guess).

I was thinking that the certificate with serial number 1 was the signer,
but now I see that it is serial number 0.

Thanks for clearing that up, Michael.

-Kevin
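
Added example, not part of the original thread: a shell check that tells a signer (CA) certificate from an ordinary one by reading basicConstraints and comparing subject with issuer, exercised on a throwaway root (serial 0) and its first issued certificate (serial 1). The function names `cert_role` and `make_demo_pki`, the file names and the subject names are assumptions made for the demo; it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example; the names, subjects and certificates here are constructed.

# Print the role of a PEM certificate: root-ca, sub-ca or end-entity.
cert_role() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    case $text in
        *CA:TRUE*)
            # A CA certificate that names itself as issuer is the root.
            if [ "$subject" = "$issuer" ]; then echo root-ca; else echo sub-ca; fi ;;
        *) echo end-entity ;;
    esac
}

# Build a throwaway root (serial 0) and the first certificate it signs
# (serial 1) in directory $1, mirroring the serial numbers in the thread.
make_demo_pki() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
EOF
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/ca.key" -out "$d/ca.pem" -days 1 -set_serial 0 2>/dev/null &&
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" \
        -subj "/CN=constructed first certificate" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 1 -days 1 -extfile "$d/demo.cnf" -extensions v3_leaf \
        -out "$d/leaf.pem" 2>/dev/null
}

# Stand-alone use: sh thisfile.sh cert1.pem cert2.pem ...
for f in "$@"; do printf '%s: %s\n' "$f" "$(cert_role "$f")"; done
```

A certificate with no basicConstraints extension at all is reported as end-entity by this check.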



