Michael, On Wed, 2004-05-19 at 11:32, Michael Konietzka wrote: > Ok, but how should I handle the different keyUsage in certification > process? > The OpenCA way of doing this is to have a different "Role" for each certificate type. So I would have a "Sign" role where the key usage is set to: keyUsage = nonRepudiation, digitalSignature extendedKeyUsage: TLS Web client authentication, E-mail protection
and a "Encrypt" role where the key usage is set to: keyUsage = keyEncipherment, dataEncipherment, keyAgreement This is how I do it on my CAs. There was a discussion thread about 18 months ago on this list which basically said that this is how to do it ! Chris... ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
