Hi netters,
I am playing with client certificates for some time. Yesterday I stumbled
over the question of using client certificates created with OpenSSL for
signing/encryption of emails with netscape.
When trying to use a (otherwise working) client certificate for signing,
Netscape complains however that the certificate is not valid for email.
This is contrary to the statement on Stephen Hanson's PKCS12 FAQ and the
comments in openssl.cnf:
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
How can I find out what is going wrong?
With OpenSSL 0.9.1c I had the ca-fix tool which however does not compile
with 0.9.2b (and should not be needed anyway).
Best regars,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
