Lutz Jaenicke wrote:
>
> Hi netters,
>
> I am playing with client certificates for some time. Yesterday I stumbled
> over the question of using client certificates created with OpenSSL for
> signing/encryption of emails with netscape.
> When trying to use a (otherwise working) client certificate for signing,
> Netscape complains however that the certificate is not valid for email.
> This is contrary to the statement on Stephen Hanson's PKCS12 FAQ and the
> comments in openssl.cnf:
> # Here are some examples of the usage of nsCertType. If it is omitted
> # the certificate can be used for anything *except* object signing.
> How can I find out what is going wrong?
> With OpenSSL 0.9.1c I had the ca-fix tool which however does not compile
> with 0.9.2b (and should not be needed anyway).
Can you print out the certificate that is doesn't like using "openssl
x509 -in cert.pem -text" ? That should make it easier to diagnose the
problem.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
