Dear all,
Let me ask that if I omit to specify the nsCertType extension,
the certificate can be used for keyEncippherment even I specify
the digitalSignature only in keyUsage?
Does anyone knows that Netscape recognizes the keyUsage bit and limits
the usage of the certificate?
Regards,
Kiyoshi,
Kiyoshi WATANANBE
Hitachi, Ltd.
-------------------------------openssl.cnf----------------------
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
#
#
# For an object signing certificate this would be used.
# nsCertType = objsign
#
# For normal client use this is typical
# nsCertType = client, email
#
# and for everything including object signing:
#
nsCertType = client, email, objsign
#nsCertType = client
#nsCertType = email
#nsCertType = objsign
#nsCertType = client, email
# This is typical in keyUsage for a client certificate.
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]