Hi Folks, we have a 0.9.2 system running and am having some trouble making some necessary changes. We need to mark basicConstraints and keyUsage as critical. However, edits made to the openssl.cnf file seem to have no influence on generated certificates.
Question : We have separate CA and RA machines, which openssl.cnf file is used to determine settings such as basicConstraints and keyUsage when the user asks RA to generate their keys. (ie, the one on CA or RA ?) We are altering (both) openssl.cnf files with this addition [ usr_cert ] basicConstraints=critical, CA:FALSE keyUsage=critical, nonRepudiation, digitalSignature, key Encipherment Does this look right ? Grateful for any help people may be able to provide. David ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
