Massimiliano Pala wrote:
>
>
> So, what I have to do ?? I do have to set the CA subject to something like:
>
> CN=CA Operator, O=OpenCA, C=IT
>
Yes that ought to do it.
> Another question: as far as I know Netscape likes only v1 CRLs (without
> extentions... is that true ???
>
Well even v2 CRLs without extensions choke Netscape: I've tried two CRLs
which were identical except one is v1 the other v2.
I'm not sure what happens if you try a v1 CRL with extensions (which
violates RFC2459).
Oh and don't even think about using BMPStrings or UTF8Strings in
certificates or CRLs BTW.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
