Hello!!
I'm trying to generate certificates whose purpose are restricted.
i.e, one certificate/key can only be used to sign or key exchange, or....
I've request some certificates from Verisign and Thawte.
We can see the certificate/key purpose in IE5,
and those certificate issued by Verisign and Thawte can be restricted for
only few purpose.
But I can't generate certificate like that.
I'm using openssl-0.9.3a.
I've try to add keyUsage(or nsCertType) field in my certificate,
and use "openssl pkcs12 -export ...... -keysign(or -keyex)" to generate
pkcs12 format, then import it into IE5.
But IE5 still says that my certificate can be used for
many other purpose.... :(
If anybody knows how to generate certificate like those generated by Verisign
and Thawte....etc. ??
kufan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
