On Wed, Apr 09, 2008 at 10:31:36AM -0400, Big BDI wrote:

> Thank you for your suggestion, I was successful in
> getting Firefox to connect with the addition of v3
> extensions.

Cool! Which releases of Firefox support ECC?

> [ v3_server ]
> subjectKeyIdentifier=hash
> authorityKeyIdentifier=keyid:always,issuer:always
> basicConstraints = critical,CA:false
> keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment
> nsCertType = server
> issuerAltName=issuer:copy

"nsCertType" is obsolete. Instead use:

    [ v3_server ]
    basicConstraints        = critical,CA:false
    keyUsage                = digitalSignature, keyEncipherment
    extendedKeyUsage        = serverAuth, clientAuth
    subjectKeyIdentifier    = hash                          # this first
    authorityKeyIdentifier  = keyid:always, issuer:always   # and now this

adding "nsCertType" only if actual browsers still appear to need it, but
then include also the standard "extendedKeyUsage" extension. If you
don't want the server cert to be usable as an HTTPS client cert, you can
drop "clientAuth".

> After generating the new certs, Apache was running,
> finally!  Thank you very much for your help.  
> 
> I had one last question; Will ECC support be added to
> mod_ssl in the future?

This is not really the apache developer mailing list, so unless the
right Apache people are here, you may have to ask on their list...

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
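
An added example, not part of the original message and not OpenSSL's own code: a small Python linter that applies the reply's advice (obsolete "nsCertType", the standard "extendedKeyUsage", the optional "clientAuth") to an extension section. The helper names parse_section and lint_server_section are hypothetical; the two sample sections are copied from the thread.

```python
import re

# Sections copied from the thread (the mail-wrapped keyUsage line is rejoined).
QUOTED = """
[ v3_server ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical,CA:false
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment
nsCertType = server
issuerAltName=issuer:copy
"""
SUGGESTED = """
[ v3_server ]
basicConstraints        = critical,CA:false
keyUsage                = digitalSignature, keyEncipherment
extendedKeyUsage        = serverAuth, clientAuth
subjectKeyIdentifier    = hash                          # this first
authorityKeyIdentifier  = keyid:always, issuer:always   # and now this
"""

def parse_section(text, name):
    """Return {key: [values]} for one '[ name ]' section of an OpenSSL config."""
    ext, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
        elif current == name and "=" in line:
            key, value = line.split("=", 1)
            ext[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return ext

def lint_server_section(text, name="v3_server"):
    """Hypothetical helper: report where a section departs from the reply's advice."""
    ext = parse_section(text, name)
    eku = ext.get("extendedKeyUsage", [])
    findings = []
    if "nsCertType" in ext and not eku:
        findings.append("nsCertType is obsolete; extendedKeyUsage is missing")
    if "serverAuth" not in eku:
        findings.append("extendedKeyUsage does not list serverAuth")
    if "clientAuth" in eku:
        findings.append("clientAuth set: cert is also usable as an HTTPS client cert")
    if "ca:false" not in [v.lower() for v in ext.get("basicConstraints", [])]:
        findings.append("basicConstraints does not set CA:false")
    return findings

print(lint_server_section(QUOTED), lint_server_section(SUGGESTED))
```
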
