On Tue, Jan 18, 2005, Shaun Lipscombe wrote: > * Charles B Cranston wrote: > > > One could read in openssl.txt (in the doc directory of the OpenSSL > > source distribution): > > OK I looked at http://www.openssl.org/ and there is a whole load of > documentation about extended key usage extensions and I think I just > need to use the -purpose option of the x509 utility. I will go play. > I've learnt more from being on this list for a few days than I have > reading up on this stuff in the last month.
Adding clientAuth in the extended key usage extension in the user certificate should be sufficient. I say "should" because YMMV according to the application in use. The -purpose option is for testing using OpenSSLs internal rules, it doesn't actually change the certifiate in any way. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
