I think the extension you have to use is keyUsage = digitalSignature,nonRepudiation
Maybe this should work. And tell me, did you generate separate digital signing and encryption for the same DN, i.e. for the same information like C, L, CN, O, OU? If you did it for the same input, please let me know how to do it.

abhay balkrishna nadkarni wrote:

>Hi,
>
>I have created separate digital signing and encryption
>certificates for the purpose of secure E-mail, signed
>by a self-signed CA.
>
>In openssl.cnf the section usr_cert is as follows:
>
>[ usr_cert ]
>
># These extensions are added when 'ca' signs a request.
>basicConstraints=CA:FALSE
>nsCertType = email
>keyUsage = digitalSignature
>subjectKeyIdentifier=hash
>authorityKeyIdentifier=keyid,issuer:always
>
>My problem is:
>--------------
>
>I am able to send digitally signed mails with Netscape
>Communicator and the recipient's mail client (Netscape/
>OE) cannot send an encrypted mail using the received
>digital ID, which is what I want.
>
>In OE however, before sending a digitally signed message,
>OE complains that I do not have a digital ID. But then
>it is able to send a digitally signed message.
>
>Can anybody point out what the problem may be? Is there
>a way to eliminate this warning?
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
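
The setup discussed in this thread, as an added example that is not part of either message: a signing certificate with the keyUsage suggested in the reply and a separate encryption certificate for the same DN, issued by a throwaway test CA and checked with OpenSSL's own S/MIME purpose test. The section names (`test_ca`, `smime_sign`, `smime_encrypt`), the DN, the file names, the `extendedKeyUsage` line, `keyUsage = keyEncipherment` for the encryption certificate and signing with `openssl x509 -req` are assumptions of this example.

```shell
# Added example: throwaway test CA; the DN, section and file names are constructed.
set -eu
make_smime_pair() {   # $1 = existing working directory
    d=$1
    subj='/C=IN/O=Example Org/CN=Test User/emailAddress=user@example.com'
    cat > "$d/smime.cnf" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ test_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ smime_sign ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation
extendedKeyUsage = emailProtection
[ smime_encrypt ]
basicConstraints = CA:FALSE
keyUsage = keyEncipherment
extendedKeyUsage = emailProtection
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/smime.cnf" \
        -extensions test_ca -subj '/CN=Example Test CA' \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    n=1
    for role in sign encrypt; do   # two key pairs, one subject DN
        openssl req -new -newkey rsa:2048 -nodes -config "$d/smime.cnf" \
            -subj "$subj" -keyout "$d/$role.key" -out "$d/$role.csr" 2>/dev/null
        openssl x509 -req -in "$d/$role.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
            -set_serial "$n" -days 30 -extfile "$d/smime.cnf" \
            -extensions "smime_$role" -out "$d/$role.crt" 2>/dev/null
        n=$((n + 1))
    done
}

key_usage() {   # print the keyUsage value line of certificate $1
    openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Key Usage' |
        tail -n 1 | sed 's/^ *//; s/ *$//'
}

fits_purpose() {   # $1 = smimesign or smimeencrypt, $2 = certificate file
    openssl verify -CAfile "$demo_dir/ca.crt" -purpose "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_smime_pair "$demo_dir"
for role in sign encrypt; do echo "$role: $(key_usage "$demo_dir/$role.crt")"; done
```

When issuing with `openssl ca` instead, the CA database setting `unique_subject` defaults to `yes` and rejects a second certificate for a subject that is already in the index, so it has to be set to `no` to issue both certificates for one DN.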