On Thu, Apr 28, 2005, Sven Löschner wrote: > Okay, first I changed the ns-entries with keyusage, then i put them in both. > None of these works: > > Server: > > X509v3 extensions: > X509v3 Basic Constraints: > CA:FALSE > Netscape Cert Type: > SSL Server > X509v3 Key Usage: > Certificate Sign, CRL Sign > Netscape Comment: > OpenSSL Generated Certificate > X509v3 Subject Key Identifier: > 45:86:99:16:7A:DD:6D:DD:FB:C6:78:CA:A3:82:13:33:17:BF:27:FD > X509v3 Authority Key Identifier: >
That fixed one problem but created another. The keyUsage is wrong this time. You need keyEncipherment and digitalSignature in there. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]