On Fri, Aug 27, 2004, Jim Adams wrote: > I thought that at first, but I made similar certs with critical Key > Usage parameters > using openssl and openssl liked them. >
If you certificate signing is absent from key usage (critical or not) then the certificate wont be acceptable as an untrusted CA. In particular you wont get the self signed certificate error: which basically means its hit the start of the chain and can't go anywhere else. Trusted certificates are accepted though. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
