Hi, > Dmitrij Mironov wrote:
> This extension MUST appear in certificates that contain public keys > that are used to validate digital signatures on other public key > certificates or CRLs. When this extension appears, it SHOULD be > marked critical. It MUST appear but it SHOULD be marked as critical > As I understand from this - CA (in most cases) must have key usage > extension > and CA/end user certificates which have key usage ext. MUST have it marked > critical. By default OpenCA certificates are issued with non critical > extensions. Is this bug in OpenCA or those certificates profiles are > defined > only as examples? I wouldn't mark any extension as critical unless the certificate and crl profile says I must (e.g for a CA certificate). In case an extension is critical and the application does not know it, it will fail. Regards ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users