On 1/9/18 19:32, Viktor Dukhovni wrote:
This Key Usage is more appropriate. When the "Key Usage" is present in
a CA certificate, it*MUST* include "Certificate Sign".
That was indeed the problem. Thank you!! It seems strange to me that
OpenSSL will allow creation of a CA cert (CA:TRUE) that may not be used
to sign other certs.
I appreciate your help Viktor.
Norm
P.S. Seems you didn't need machine-readable certificates to help me
after all ;-)
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
