Hi, I am trying to add extra extensions to certain certificates that I sign with my own CA.

1) I'd like all server generated certificates to have:

basicConstraints = CA:false

and one of the certificates to have:

extendedKeyUsage = serverAuth

I created an extra section called new_section in my config file and tried to use -extensions new_section with my "openssl ca" command, which worked, but it did not also read the basicConstraints = CA:false (unless I explicitly added that to the new_section, and then it did). Is there a way that I can / should be doing it so that my new_section only has the extra extensions that I wish to add to the certificate?

2) I am trying to generate a cert for OpenLDAP and I previously used the certtool command that read in from a config file. The extra options that I needed to add here are:

tls_www_server, signing_key, encryption_key

What are the corresponding options that I need in my openssl config file? I think that tls_www_server is extendedKeyUsage = serverAuth but I am not sure about this or the other two.

Thanks in advance for your help.

Ken
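Added example, not part of the original post: an openssl.cnf fragment for the behaviour described in 1). "openssl ca -extensions" reads exactly one section in place of the x509_extensions default, so each section lists every extension it needs. CA_default and usr_cert are assumed to be the stock section names, ldap_server is a hypothetical name, and the keyUsage values for signing_key and encryption_key are an assumed mapping from certtool.

```ini
[ CA_default ]
# Section used when "openssl ca" is run without -extensions.
x509_extensions = usr_cert

[ usr_cert ]
# Default for every certificate signed without -extensions.
basicConstraints = CA:FALSE

[ new_section ]
# Selected with: openssl ca -extensions new_section ...
# usr_cert is NOT read in this case, so basicConstraints is repeated here.
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth

[ ldap_server ]
# Hypothetical section for the OpenLDAP certificate in 2).
# Assumed certtool mapping:
#   tls_www_server -> extendedKeyUsage = serverAuth
#   signing_key    -> keyUsage digitalSignature
#   encryption_key -> keyUsage keyEncipherment
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
```

After signing, "openssl x509 -in cert.pem -noout -text" lists the X509v3 extensions that actually ended up in the certificate (cert.pem is a placeholder file name).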