On May 3, 2005, at 1:12 PM, Dr. Stephen Henson wrote:
openssl shows "Key Encipherment" for both certifcates. Is the e0/a0 issue a MS undocumented "feature"?If I use Windows Certificate viewer, the certificate generated with OpenSSL has Key Encipherment (e0) as a Key Usage, while a certificate generated through MS Certificate Server has Key Encipherment (a0).
What do you get in the keyUsage extension when you do:
openssl x509 -in cert.pem -noout -text
The first one is the openssl certificate, the second one is the MS Certificate Server one:
Certificate:
[...]
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
1.3.6.1.4.1.311.20.2:
. .D.o.m.a.i.n.C.o.n.t.r.o.l.l.e.r
X509v3 Subject Alternative Name:
othername:<unsupported>, DNS:pig-dc.guinea.corp
[...]Certificate:
[...]
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
1.3.6.1.4.1.311.20.2:
. .D.o.m.a.i.n.C.o.n.t.r.o.l.l.e.r
[...]
Andrea
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
