Hi David,
Question : We have separate CA and RA machines, which openssl.cnf file is used to determine settings such as basicConstraints and keyUsage when the user asks RA to generate their keys. (ie, the one on CA or RA ?)
You have to alter tha CA because this is where the openssl action happens
We are altering (both) openssl.cnf files with this addition [ usr_cert ] basicConstraints=critical, CA:FALSE keyUsage=critical, nonRepudiation, digitalSignature, key Encipherment
You have to alter the file etc/openssl/extfiles/<Role>.cnf Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
