Hi
> I was wondering if I could create my own E-Mail Certificate. I looked
> through OpenSSL docs but the only thing I could find about that topic was
a
> little function to encrypt and decrypt text messages. I'd like to be able
to
> use my E-Mail Certificate with Netscape Messenger like the ones that
> Verisign give out for 60 day trial.
You need to make your certificate/private key into a PKCS12 file and import
it into Netscape. OpenSSL has a PKCS12 command.
> When browsing through OpenSSL docs I also found that the verify function
can
> tell you the purpose the cert was made for. How can I create a cert with a
> certain purpose then?
It's part of the x509 v3 spec. It supports a whole variety of extensions,
and keyUsage allows you to specify what you can use it for. Specify it in
your extensions section of openssl.conf. It can take on any conbination of
digitalSignature, keyEncipherment, digitalSignature, keyEncipherment,
keyCertSign, digitalSignature, nonRepudiation, cRLSign AFAIK.
HTH,
Luke
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
