Hi, I am generating a client cert for Apache using openssl with my own CA as follows:
openssl genrsa -out client.key 1024 openssl req -new -key client.key -out client.csr openssl x509 -req -days 365 -CA myCA.cert -CAkey myCA.key -CAcreateserial -in client.csr -out client.crt openssl pkcs12 -chain -export -clcerts -CAfile myCA.cert -in client.crt -inkey client.key -out client.p12 -chain -name "Cert friendly name" When I import the cert into IE 5.5 everything is fine except that the cert is suitable for the following: Windows System Component Verification Windows Hardware Driver Verification Allow data on disk to be encrypted Allow secured communication on Internet Allow you to digitally sign a Certificate Trust List Allow data to be signed with the current time Ensure e-mail came from sender Protect e-mail from tampering Ensure the content of e-mail cannot be viewed by others Protect software from tampering after publication Ensure software came from software publisher Guarantee your identity to a remote computer QUESTION: How do I set the cert for basic options only, i.e. verify computer identity ??? Many thanks, Ed Harty. ----------------------------------------------------------------------------- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
