[openssl-users] keyusage digitalSignature in CA certs

Thu, 17 Aug 2017 06:21:33 -0700 

Should digitalSignature be included in keyusage in CA certs?


https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html

Includes it.

https://stackoverflow.com/questions/21297139/how-do-you-sign-certificate-signing-request-with-your-certification-authority/21340898#21340898

Does not include it.
It seems to make a root or intermediate CA be able to have more purposes than it should? e.g. 

SSL client : Yes
SSL server : Yes
S/MIME signing : Yes

So which is the right for a CA's key usage?

thanks

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to