On Thu, Apr 28, 2005, Sven Löschner wrote:

> Okay, first I changed the ns-entries with keyusage, then i put them in both.
> None of these works:
> 
> Server:
> 
>  X509v3 extensions:
>             X509v3 Basic Constraints:
>             CA:FALSE
>             Netscape Cert Type:
>             SSL Server
>             X509v3 Key Usage:
>             Certificate Sign, CRL Sign
>             Netscape Comment:
>             OpenSSL Generated Certificate
>             X509v3 Subject Key Identifier:
>             45:86:99:16:7A:DD:6D:DD:FB:C6:78:CA:A3:82:13:33:17:BF:27:FD
>             X509v3 Authority Key Identifier:
>  

That fixed one problem but created another. The keyUsage is wrong this time.
You need keyEncipherment and digitalSignature in there.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to