The extension nsCertType "server" is only working if the -extensions
server is specified when creating the csr and key.
diff -urN build-key-server.orig build-key-server
--- build-key-server.orig 2005-01-10 11:08:20.000000000 +0200
+++ build-key-server 2005-01-10 11:09:19.000000000 +0200
@@ -14,7 +14,7 @@
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config
$KEY_CONFIG && \
+ openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr
-extensions server -config $KEY_CONFIG && \
openssl ca -days 3650 -out $1.crt -in $1.csr -extensions server -config
$KEY_CONFIG
else
echo you must define KEY_DIR
Cheers,
--
Nir
