* We generated intermediate02 such that it has "basicConstraints" extension and "keyUsage" missing. Now we used this intermediate 02 CA to sign server certificate.
If those extensions, which are *optional,* are not present, then there is no limit on how the keys may be used, or how long the cert chain may be. OpenSSL is doing the right thing. If you want to add them, and you cannot upgrade, then read about the openssl config file syntax. Good luck.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
