On Tue, Sep 26, 2006, Marco Rossi wrote:

>
> Maybe I don't understand what -purpose shows:
>

It shows the purposes for which the certificate can be used. This is
determined by the extensions the CA decides to put in the certificate. An end
user can't change this.

> If I issue the command you mention, I see on the field
> x509v3 extensions (omitting the rest for brevity)
>
> # openssl x509 -in cert.pem -noout -text
> <omit>
>
> Netscape Cert Type:
> SSL Server
> X509v3 Extended Key Usage:
> Netscape Server Gated Crypto, TLS Web
> Server Authentication, TLS Web Client Authentication
> Authority Information Access:
> OCSP - URI:http://ocsp.verisign.com
>

It's the above extension, specifically Netscape cert type, that indicates it can
only be used as an SSL server certificate.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
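
The behaviour described in the reply can be reproduced locally. The script below is an added example, not part of the original message: it self-signs two constructed throwaway certificates that carry the same Extended Key Usage (serverAuth and clientAuth) and differ only in Netscape Cert Type, then reads the verdicts from `openssl x509 -purpose`. The subject name, file names and the helper functions `make_cert` and `purpose_of` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: constructed test certificates, not the one from the thread.
set -eu

# make_cert NSCERTTYPE OUTFILE: self-sign a throwaway certificate with the
# given Netscape Cert Type and a serverAuth + clientAuth Extended Key Usage.
make_cert() {
    cfg="$2.cnf"
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = purpose-demo.example
[ext]
basicConstraints = CA:FALSE
nsCertType = $1
extendedKeyUsage = serverAuth, clientAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# purpose_of CERT NAME: print the verdict (Yes/No) from the -purpose line
# whose label is exactly NAME, e.g. "SSL client".
purpose_of() {
    openssl x509 -in "$1" -noout -purpose |
        awk -F' : ' -v p="$2" '$1 == p { print $2 }'
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

make_cert "server" "$workdir/server-only.pem"
make_cert "client, server" "$workdir/both.pem"

# Same EKU in both certificates; only Netscape Cert Type differs.
for c in server-only both; do
    for p in "SSL client" "SSL server"; do
        printf '%-12s %-10s : %s\n' "$c" "$p" \
            "$(purpose_of "$workdir/$c.pem" "$p")"
    done
done
```

Although both certificates list TLS Web Client Authentication in the Extended Key Usage, the one whose Netscape Cert Type is only SSL Server is reported as unusable for "SSL client".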