I think the extension u have to use is
keyUsage = digitalSignature,nonRepudiation
Maybe this should work.
And tell me did u generate seperate digital
signing and encryption for the same dn i.e
for same information like C,L,CN,O,OU.
If u did it for same input, please let me know how to do it.
abhay balkrishna nadkarni wrote:
>Hi,
>
>I have created separate digital signing and encryption
>certificates for the purpose of secure E-mail, signed
>by a self-signed CA.
>
>In openssl.cnf the section usr_cert is as follows:
>
>[ usr_cert ]
>
># These extensions are added when 'ca' signs a request.
>basicConstraints=CA:FALSE
>nsCertType = email
>keyUsage = digitalSignature
>subjectKeyIdentifier=hash
>authorityKeyIdentifier=keyid,issuer:always
>
>My problem is:
>--
>
>I am able to send digitally signed mails with Netscape
>Communicator and the recipient's mail client (Netscape/
>OE) cannot send an encrypted mail using the received
>digital ID, which is what I want.
>
>IN OE however, before sending a digitally signed message,
>OE complains that I do not have a digital ID. But then
>it is able to send a digitally signed message.
>
>Can anybody point what the problem may be. Is there
>a way to eliminate this warning?
>
>
>
>__
>OpenSSL Project http://www.openssl.org
>User Support Mailing List[EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]