On 02/23/2012 10:49 AM, Ashok C wrote:
Hi,
What would be the most efficient and easiest way to distinguish a CA certificate from an actual
server/client(end entity) certificate?
We were thinking of identifying the CA with the "CA:TRUE" constraint from the text display, but
again this check does not cover x509 v1 certificates where this extension is not present.
Is there any command/openSSL API available which would serve this purpose?
a v1 certificate (if you want)
or v3 cert with both CA:true*and keyusage has certsign bit.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org