On Sat, May 14, 2005, Alex Liberman wrote:

> Hello,
>
> I am trying to sign a certificate such that the resulting certificate
> is only valid for the purposes I specify, however by default the
> certificate is valid for "any" purpose.
>
What purposes do you want to specify? If you want to restrict the end entity
(i.e. user) certificate then probably a combination of keyUsage and
extendedKeyUsage is needed.

> I tried adding the property
>
> inhibitAnyPolicy = 1
>

That's associated with certificate policy processing and not what you want.

> as noted in http://www.openssl.org/docs/apps/x509v3_config.html
> however openssl version g doesn't seem to recognize that property.
>
> Also I didn't see the above doc in my openssl-0.9.7.g distribution,
> so maybe that property is only valid in older versions of openssl?
>

No, it's only valid in a newer version of OpenSSL. The docs on the site refer to
the current development version of OpenSSL, i.e. 0.9.8-dev.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
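
The keyUsage plus extendedKeyUsage combination suggested in the reply above, as an added example that is not part of the original message or of OpenSSL's documentation. It assumes a current `openssl` command-line tool; the CA name, host name, file names and section names are constructed placeholders. The script signs a certificate restricted to TLS server authentication and then checks which purposes `openssl verify` accepts.

```shell
#!/bin/sh
# Added example. CA name and host name below are constructed placeholders.

make_restricted_cert() {   # $1 = working directory
  d=$1
  # Throwaway CA: may sign certificates and CRLs, nothing else.
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # End-entity extensions: keyUsage limits the key operations,
  # extendedKeyUsage limits the application purpose to TLS server auth.
  cat > "$d/ext.cnf" <<'EOF'
[usr_cert]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=www.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/ext.cnf" -extensions usr_cert \
    -out "$d/leaf.pem" 2>/dev/null
}

purpose_ok() {             # $1 = working directory, $2 = purpose name
  openssl verify -CAfile "$1/ca.pem" -purpose "$2" "$1/leaf.pem" >/dev/null 2>&1
}

work=$(mktemp -d)
make_restricted_cert "$work" || { echo "certificate generation failed" >&2; exit 1; }
for p in sslserver sslclient smimesign; do
  if purpose_ok "$work" "$p"; then echo "$p: accepted"; else echo "$p: rejected"; fi
done
rm -rf "$work"
```

Dropping the `extendedKeyUsage` line from `ext.cnf` and re-running shows how the set of accepted purposes widens when only keyUsage is set.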