Hi,
We are using openSSL command line tool for generating version 3 CA
certificates as well IKE initiator/Responder certificates. We have the
following doubts in our mind, Could you please clarify the same.
1. Does openSSL support version 3 certificate which is compliant
to RFC 5280?
2. Does openSSL supports the following (Mandatory/Optional)
extensions for CA Certificate as per section 6.1.4 of 3GPP spec TS
33.310.
Mandatory:
1. key usage: keyCertSign and cRLSign.
2. basic constraints: CA=True, path length 0.
Optional:
3. authority key identifier.
4. subject key identifier.
Regards
Manas Lenka
