J.R-
chances are that Netscape communicator is looking at the nsCertType Extension within
the certificate. This extension is used to define specific usage characteristics
attributed to the certificate. If Communicator sees this extension it WILL apply
those usage characteristics for the cetrificate. I believe that you need to generate
the certificate with the following bit string in order to get the usage that you
desire - S/Mime and client certificates:
0x10100000
This option is configurable within the ssleay.cnf file - look for "nsCertType"
Another option is to make sure that this extension is ommitted from the certificate -
and if it is - Netscape products will allow the certificate to be used for pretty much
anything (CA, S/Mime, Client certs, server certs, etc)
I also believe that Netscape has a page that describes it's usage somewhere on there
web site describing what each bit flag is used for.
Andrew Gray
--
The Open Group
http://www.opengroup.org/~agray
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
