Hi, I realised that I wrote something silly earlier
> > From a certificate issuer point of view, I'd like to see the
> > ca-fix program.
> The ca-fix program is not needed with OpenSSL 0.9.5 anymore, as it was
> intended to fix some x509v3 extensions, but these can now be added
> with the ca, x509, etc. commands.
<ahem> I see you've found the deliberate mistake.
I was working off an old version of the pkcs#12 pages, you're right ca-fix
is no longer supported. I spent a while working out how to tweak my CA
certificate to fix this one, but gave up and decided it was easier to make a
new CA cert. I suspect that you can take the pem, make it into a vanilla
RSA key and wrap it up with new extensions into a new x509, but OpenSSL
isn't the most logically designed package, and it screaming for some proper
docs. Currently everyone seems to learn by osmosis.
Also, the possible bug I mentioned earlier was not true - it was me
discovering the difference between critical extensions and those that
aren't.
I apologise for the random comments before.
Regards,
Luke
