Hello,
> On Saturday 26 May 2007 21:38, Victor Duchovni wrote:
> > On Sat, May 26, 2007 at 10:11:08PM +0200, Marek Marcola wrote:
> > > $ openssl x509 -in cert.pem -text -noout
> > > .
> > > .
> > > X509v3 extensions:
> > > X509v3 Basic Constraints:
> > > CA:FALSE
> > > X509v3 Key Usage:
> > > Digital Signature, Non Repudiation, Key Encipherment
> > > .
> >
> > Perhaps a mini-ca will help. See "ca.sh", "cert.sh" and "openssl.cnf"
> > used as follows:
> [snip]
>
> Thanks Victor,
>
> Can you see anything amiss with my attached openssl.cnf?
Your openssl.cnf looks good, but to get certificate with keyUsage
you must issue new certificate and then check for extensions.
This file is only consulted when issuing certificate.
When issuing certificate you will see certificate details
with (or without :-) keyUsage information:
$ openssl ca -config openssl.cnf -in req.pem
Using configuration from openssl.cnf
Enter pass phrase for /some/path/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
....
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment,
Key Agreement
....
Certificate is to be certified until May 26 22:37:53 2008 GMT (365 days)
Sign the certificate? [y/n]:
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
