Matthew Enger wrote:
> 
> Hello,
>         I am running openssl-0.9.2b and have successfully generated a
> certificate I wish to use for an authority. I was following some old
> instructions for creating a CA under SSLeay and was wondering if I still
> need to ca-fix a certificate in order for it to work on Netscape.
> 
>         I run Netscape at home and it seems to accept the certificate
> fine, but I want to check before I have problems later down the line.
> 

The new extension code can handle any extensions ca-fix can and several
it cannot. The only case where ca-fix may still be useful is if you use
'x509' to sign a certificate request instead of 'ca' or 'req -x509'. In
the current snapshot 'x509' is handled as well. The new options are
documented in doc/openssl.txt.

If you print out the certificate with:

openssl x509 -text -in cert.pem -noout

and it includes CA:TRUE for Basic Constraints then you should be OK.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
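
The check described in the reply above, as an added example that is not
part of the original message or of OpenSSL: it reads the Basic Constraints
value from the line that follows the extension header in the -text output,
so a certificate with no extensions is reported separately from CA:FALSE.
The function names, exit codes and sample text are assumptions of this
example.

```shell
#!/bin/sh
# Added example, not from the original message. Function names, exit codes
# and the sample text below are this example's own (constructed) choices.

# Reads `openssl x509 -text -noout` output on stdin.
# Returns 0 for CA:TRUE, 1 for CA:FALSE, 2 if Basic Constraints is absent.
basic_constraints_status() {
    awk '
        # The value is printed on the line after the extension header.
        /X509v3 Basic Constraints:/ { in_bc = 1; next }
        in_bc {
            if ($0 ~ /CA:TRUE/) { found = "true" }
            else if ($0 ~ /CA:FALSE/) { found = "false" }
            in_bc = 0
        }
        END {
            if (found == "true")  exit 0
            if (found == "false") exit 1
            exit 2
        }'
}

# Constructed samples shaped like the -text output (abbreviated).
sample_ca() {
    printf '%s\n' 'Certificate:' '    Data:' '        Version: 3 (0x2)' \
        '        Subject: O=Example Org, CN=Example Root CA' \
        '        X509v3 extensions:' \
        '            X509v3 Basic Constraints: critical' \
        '                CA:TRUE'
}
sample_leaf() {
    printf '%s\n' 'Certificate:' '    Data:' '        Version: 3 (0x2)' \
        '        Subject: O=Example Org, CN=www.example.com' \
        '        X509v3 extensions:' \
        '            X509v3 Basic Constraints:' \
        '                CA:FALSE'
}
# No extensions at all; the subject text alone would match a plain grep.
sample_no_ext() {
    printf '%s\n' 'Certificate:' '    Data:' '        Version: 1 (0x0)' \
        '        Subject: O=Example Org, CN=CA:TRUE lookalike'
}

# Real use: sh thisfile cert.pem
if [ $# -gt 0 ]; then
    openssl x509 -text -noout -in "$1" | basic_constraints_status
fi
```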
