Hi Michael,
Thanks for responding.
My problem is a little more involved than that. I'm the CA, err, using openssl and creating a CA certificate using the v3_ca extension. I have quite a number of certificates being used by our servers. Recently we wanted to start generating user certificates but we also want to restrict the purpose field to just "ssl client". We don't want to include ssl server, netscape*, objsign, or e-mail. ... just ssl client.
There must be a way to do this during CSR signing but I'm just not sure what to look for?
You still need to modify your CA certificate in order to generate and sign the "client" certificates with the proper properties, and no more than what you define the CA to be valid for.
Michael
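Added example, not part of either message in this thread: a self-contained script that signs a user CSR with an extension section limited to client authentication, then reads back the purposes OpenSSL reports for the result. The demo CA, the subject names, the `client_only` section name and all file names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The demo CA, the subject names and the file names are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/demo.cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
[ dn ]
CN = Demo CA
[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
# Applied by the CA when it signs a user CSR: client authentication only.
[ client_only ]
basicConstraints       = critical, CA:FALSE
keyUsage               = critical, digitalSignature
extendedKeyUsage       = clientAuth
nsCertType             = client
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid
EOF

sign_client_cert() {
    # Stand-in CA; an existing CA key and certificate would be used instead.
    openssl req -x509 -config "$WORK/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 30 -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    # User key and CSR; x509 -req does not copy extensions from the CSR by default.
    openssl req -new -config "$WORK/demo.cnf" -subj "/CN=demo-user" -newkey rsa:2048 \
        -nodes -keyout "$WORK/user.key" -out "$WORK/user.csr" 2>/dev/null
    # Signing step: the extension section is chosen here, by the CA.
    openssl x509 -req -in "$WORK/user.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 30 -extfile "$WORK/demo.cnf" -extensions client_only \
        -out "$WORK/user.pem" 2>/dev/null
}

# Print Yes/No for one row of the "Certificate purposes" listing.
purpose_of() {
    openssl x509 -in "$WORK/user.pem" -noout -purpose | sed -n "s|^$1 : ||p"
}

# Succeed only if the chain validates for the given purpose name.
verifies_as() {
    openssl verify -CAfile "$WORK/ca.pem" -purpose "$1" "$WORK/user.pem" >/dev/null 2>&1
}

sign_client_cert
openssl x509 -in "$WORK/user.pem" -noout -purpose
```

When signing with `openssl ca` instead of `openssl x509 -req`, the same section is selected with `-extensions client_only` or through `x509_extensions` in the CA section of the configuration file.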