Okay, first I changed the ns-entries with keyusage, then I put them in both. None of these works:

Server:

        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Server
            X509v3 Key Usage:
                Certificate Sign, CRL Sign
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                45:86:99:16:7A:DD:6D:DD:FB:C6:78:CA:A3:82:13:33:17:BF:27:FD
            X509v3 Authority Key Identifier:
                keyid:76:EE:35:D6:0E:71:45:CF:7D:7E:02:F9:93:C3:DB:B8:C2:2D:A5:D4
                DirName:/C=DE/ST=test/L=test/O=MEX/OU=test/CN=test.net/[EMAIL PROTECTED] t.net
                serial:00

    Signature Algorithm: md5WithRSAEncryption

Client:

        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Client, S/MIME, Object Signing
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                3F:B1:9B:92:B9:2B:72:01:3E:47:47:71:F1:82:27:BD:CC:80:E6:BD
            X509v3 Authority Key Identifier:
                keyid:76:EE:35:D6:0E:71:45:CF:7D:7E:02:F9:93:C3:DB:B8:C2:2D:A5:D4
                DirName:/C=DE/ST=test/L=test/O=MEX/OU=test/CN=test.net/[EMAIL PROTECTED] t.net
                serial:00

    Signature Algorithm: md5WithRSAEncryption

Sven

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David C. Partridge
Sent: Thursday, 28 April 2005 18:04
To: openssl-users@openssl.org
Subject: RE: SSLVerifyClient

Also I'm surprised to see V3 cert with no KeyUsage section ...

It would also be more normal to use Extended Key Usage to say it is good for SSL Server etc. rather than use the old NetScape Cert Type ...

Dave

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
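
An added example, not part of the original thread: a small Python check over `openssl x509 -text` extension output, run on the extension values from the two dumps in the message. The role rules (`NEEDED`, `NS_TYPE`) and the function names are assumptions of this example, based on RFC 5280 and common TLS requirements, and are not OpenSSL's own verification code.

```python
# Extension values re-typed from the two dumps in the message, laid out the
# way `openssl x509 -text` prints them (constructed sample, ids omitted).
SERVER = """\
X509v3 Basic Constraints:
    CA:FALSE
Netscape Cert Type:
    SSL Server
X509v3 Key Usage:
    Certificate Sign, CRL Sign
"""
CLIENT = """\
X509v3 Basic Constraints:
    CA:FALSE
Netscape Cert Type:
    SSL Client, S/MIME, Object Signing
X509v3 Key Usage:
    Digital Signature, Non Repudiation, Key Encipherment
"""
# Assumed role rules for this example: at least one of these bits is needed.
NEEDED = {"server": {"Digital Signature", "Key Encipherment", "Key Agreement"},
          "client": {"Digital Signature", "Key Agreement"}}
NS_TYPE = {"server": "SSL Server", "client": "SSL Client"}

def parse_extensions(text):
    """Map each extension name to its list of comma-separated values."""
    exts, name = {}, None
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        if line[0].isspace() and name:      # indented line: value of current ext
            exts[name] += [v.strip() for v in line.split(",") if v.strip()]
        else:                               # header line, maybe ": critical"
            name = line.split(":")[0].strip()
            exts[name] = []
    return exts

def check(text, role):
    """Return a list of problems with using the certificate in the given role."""
    ext = parse_extensions(text)
    ku, ns = ext.get("X509v3 Key Usage"), ext.get("Netscape Cert Type")
    is_ca = "CA:TRUE" in ext.get("X509v3 Basic Constraints", [])
    problems = []
    if ku is not None:
        # RFC 5280: keyCertSign must not be asserted unless cA is asserted.
        if "Certificate Sign" in ku and not is_ca:
            problems.append("keyCertSign set on a non-CA certificate")
        if not set(ku) & NEEDED[role]:
            problems.append("Key Usage lacks any of: " + ", ".join(sorted(NEEDED[role])))
    if ns is not None and NS_TYPE[role] not in ns:
        problems.append("Netscape Cert Type lacks " + NS_TYPE[role])
    return problems
```

Calling `check(SERVER, "server")` and `check(CLIENT, "client")` returns the list of findings for each dump; an empty list means none of the assumed rules was violated.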