Chris Covell wrote:
Michael,
On Wed, 2004-05-19 at 11:32, Michael Konietzka wrote:
Ok, but how should I handle the different keyUsage in certification
process?
The OpenCA way of doing this is to have a different "Role" for each
certificate type. So I would have a "Sign" role where the key usage is
set to:
keyUsage = nonRepudiation, digitalSignature extendedKeyUsage: TLS Web
client authentication, E-mail protection
and a "Encrypt" role where the key usage is set to:
keyUsage = keyEncipherment, dataEncipherment, keyAgreement
This is how I do it on my CAs. There was a discussion thread about 18
months ago on this list which basically said that this is how to do it !
Ok. I didn't check the older mails, my fault.
Now I found some messages about dual-key support and exporting the encryption
certifactes to the LDAP.
http://www.mail-archive.com/cgi-bin/htsearch?method=and&format=short&config=openca-users_lists_sourceforge_net&restrict=&exclude=&words=dual+key
Thanks
Michael
Btw:
The Geocrawler archive listed on http://www.openca.org/openca/mlists.shtml
are not uptodate, there should be a link to
http://www.mail-archive.com/openca-users%40lists.sourceforge.net/
etc.
--
Dipl.-Inform. Michael Konietzka Schlund + Partner AG
-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
