Chris Covell wrote:
Michael,

On Wed, 2004-05-19 at 11:32, Michael Konietzka wrote:

Ok, but how should I handle the different keyUsage in certification process?


The OpenCA way of doing this is to have a different "Role" for each certificate type. So I would have a "Sign" role where the key usage is set to:
keyUsage = nonRepudiation, digitalSignature
extendedKeyUsage: TLS Web client authentication, E-mail protection

and an "Encrypt" role where the key usage is set to:
keyUsage = keyEncipherment, dataEncipherment, keyAgreement

OK, done it this way using two different roles and it worked. But I am using client-side generation for both certificates. Michael Bell said that for key recovery of the decryption certs I should use the batch processor. So I will check this out.

Best regards
 Michael
--
Dipl.-Inform. Michael Konietzka  Schlund + Partner AG
- Development UNIX -             Brauerstraße 48
    Webservices                  D-76135 Karlsruhe
http://www.schlund.de/           Germany


_______________________________________________
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users
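
An added example, not part of the original thread and not OpenCA code: a small Python check over openssl.cnf-style role sections that flags roles mixing signing and encryption bits and permits key recovery only for pure encryption roles, following the Sign/Encrypt split described above. The section names, the sample text and the recovery rule are assumptions made for illustration.

```python
# Added example: role names and the recovery rule are assumptions, not OpenCA code.
SIGNING = {"digitalSignature", "nonRepudiation"}
ENCRYPTION = {"keyEncipherment", "dataEncipherment", "keyAgreement"}

# Constructed sample in openssl.cnf extension-section syntax.
SAMPLE = """
[ role_sign ]
keyUsage = nonRepudiation, digitalSignature
extendedKeyUsage = clientAuth, emailProtection

[ role_encrypt ]
keyUsage = keyEncipherment, dataEncipherment, keyAgreement

[ role_mixed ]
keyUsage = critical, digitalSignature, keyEncipherment
"""

def parse_roles(text):
    """Return {section: set of keyUsage bits} from openssl.cnf-style text."""
    roles, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            roles[current] = set()
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "keyUsage":
                bits = {b.strip() for b in value.split(",") if b.strip()}
                roles[current] = bits - {"critical"}  # flag, not a usage bit
    return roles

def classify(bits):
    """'sign', 'encrypt', 'mixed', or 'none' for a set of keyUsage bits."""
    signs, encrypts = bool(bits & SIGNING), bool(bits & ENCRYPTION)
    if signs and encrypts:
        return "mixed"
    return "sign" if signs else "encrypt" if encrypts else "none"

def recovery_allowed(bits):
    """Allow key recovery only for pure encryption keys: a second copy of
    a signing key would undermine nonRepudiation."""
    return classify(bits) == "encrypt"

def audit(text):
    """Return {role: (classification, recovery_allowed)} for every section."""
    return {name: (classify(bits), recovery_allowed(bits))
            for name, bits in parse_roles(text).items()}
```

Calling `audit()` on a CA's role definitions before enabling server-side key generation shows which roles could safely be given key backup and which would put a signing key in escrow.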
