What I meant by DSA (not to spell it out Digital Signature Algorithms) is that most of my work is using certs for signing data not creating an SSL cert and signing with a CA.
Thanks a bunch for answering my question to 1) verify that the cert is signed by the CA I use this command openssl verify -CAfile $cacert rsapub.crt.pem 2) and this cert example is good for Apache SSL with the -purpose option shown that was used openssl x509 -in cerrtname.pem -noout -purpose (the -notext is a slip in the command shown geez) > Certificate purposes: > *SSL client : Yes* > SSL client CA : No > *SSL server : Yes* > SSL server CA : No > Netscape SSL server : Yes > Netscape SSL server CA : No -- View this message in context: http://openssl.6102.n7.nabble.com/SSL-certificate-and-CA-signed-and-purpose-tp46222p46236.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org