Hello.
I would like to seprate my client signing CA and server signing CA. I
would also like them to force their purpose, so if someone gets a hold of
my client signing CA, they can't use it to sign server certificates and
thus cannot claim they are a server on which clients can trust.
Is this possible? The standard Windows-included public CA certificates
seem to indicate this is possible (for example VeriSign's CAs include
following purposes "Proves your identity to remote computer" and "Ensures
the identity of a remote computer". I assume they refer client and server
certificates).
-Eljas Alakulppi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
