Hi,
 
I want to create a mini CA. My "user" certs should be used
for S/MIME and SSL Client Authentication. The certificates
should be useable with Netscape and Outlook.
 
I've created the certs, but I have some problems with them.
The automatic certificate type detection of Windows always
selects sub-ca (?) (in German: Zwischenzertifizierungsstelle),
I am not happy with this. The certification information window
list shows all possible things to do with the certificate, e.g.
my certs are able to sign code, authenticate servers, encrypt mail.
Why is this shown - my keyUsage does not allow everything!
There is no change when I use critical.
 
What is the difference between .cer and .crt files on Windows?
 
My user certificate v3 extensions look like this:
 
 X509v3 Key Usage: critical
  Digital Signature, Non Repudiation, Key Encipherment
 Netscape Cert Type:
  SSL Client, S/MIME
 
There are no basicConstraints in the user cert.
 
My CA certificate v3 extensions look like this:
 
 X509v3 Basic Constraints: critical
  CA:TRUE
 X509v3 Key Usage: critical
  Certificate Sign, CRL Sign
 Netscape Cert Type:
  SSL CA, S/MIME CA
 
The subject alternative name, subject key identifier and authority
key identifier are also supplied.
 
Please tell me what's wrong with that? Outlook accepts the certificates
when sent from a mail account as a pkcs7 signed attachment, but refuses
to install from file.
 
I have no problems with Netscape.

-- 
cu Daniel


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
