> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dr Stephen Henson
> Sent: Thursday, September 23, 1999 01:13 AM
> To: [EMAIL PROTECTED]
> Subject: Re: signed and certified but not for email
>
>
> Samuel Liddicott wrote:
> > But the problem is that certificates, CA-signed and installed
> > are marked in
> > IE5 as fit for everything EXCEPT email and client-identification.
> >
> > They are marked for servers, code signing, encryped file
> > systems, all kinds
> > of stuff I have never heard of!
> >
>
> This is because IE5 by default assumes a CA certificate can be used for
> anything. You can change this by using the extended key usage extension:
> see the latest snapshot documentation for details.
>
> > The only thing that has changed is the openssl.cnf file as I am
> using the
> > default file + any changes I made to the ssleay.cnf file in the
> old days.
> >
>
> Hmmm thats odd. Try deleting+importing the CA again and see what usages
> it gives.
Will do.
> If the CA certificate allows email/client but the imported cert does not
> then something is amiss. I'm just not sure what yet :-)
The CA certificate has:
Subject Type=CA
Path Length Constraint=None
The certificate properties are "enable all purposes for this certificate"
and his ticks by client authentification and secure email.
THE PLOT THICKENS
So does my personal certificate when viewed under properties from IE5, but
when viewed under the certifiate manager (otions in outlook express 5),
Advanced then it does not have client auth or secure email ticked.
And whats weirder, on this computer it shows up as a usable cert in IE
(based on matching email addresses to account email address) but at home it
would not show up until I enabled "secure email" under the advanced screen
of the cert manager.
Looks like more investigation is needed here.
Sam
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
