Team,
Can someone describe the correct extensions needed for the RAToken certificate?
I’ve been reading through most of the pki RFCs and the exact requirements are
hard to decipher. Also curious if the RA Certificate should signed by the
Intermediate (ca-signer) and be given a long lifetime, or if it should be
signed by root. Thanks in advance.
I currently have it set for
[ v3_ratoken_extensions ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
extendedKeyUsage = cmcRA, digitalSignature
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
