Thanks Oliver. We actually found files in that directory with an extension of 'ext' rather than 'cnf'. And they seemed to do the job that we were expecting.
Not exactly intuitive in my mumble opinion but it does seem to work! Now, on to our next problem, the list may hear about that too before long ! David On Tue, 2005-11-15 at 08:05 +0100, Oliver Welter wrote: > Hi David, > > > Question : We have separate CA and RA machines, which openssl.cnf file > > is used to determine settings such as basicConstraints and keyUsage when > > the user asks RA to generate their keys. (ie, the one on CA or RA ?) > You have to alter tha CA because this is where the openssl action happens > > > We are altering (both) openssl.cnf files with this addition > > > > [ usr_cert ] > > > > basicConstraints=critical, CA:FALSE > > keyUsage=critical, nonRepudiation, digitalSignature, key Encipherment > > You have to alter the file etc/openssl/extfiles/<Role>.cnf > > Oliver ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
