ray v wrote:
Hi Michael,

Thanks for responding.

My problem is a little more involved than that. I'm
the CA, err, using openssl and creating a CA
certificate using the v3_ca extension. I have quite a
number of certificates being used by our servers.
Recently we wanted to start generating user
certificates but we also want to restrict the purpose
field to just "ssl client". We don't want to include
ssl server, netscape*, objsign, or e-mail. ... just
ssl client.

There must be a way to do this during CSR signing but
I'm just not sure what to look for?


Sorry, I forgot to add that if it's possible I recommend having multiple CA certificates, each one purposed specifically for what you want (i.e. ssl client). That way you can have one for webserving, one for email, etc.

The magic is all in the CA certificate!

Michael
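
What restricting the purpose at CSR-signing time can look like, as an added example that is not part of the original thread: a throwaway CA signs a user CSR with `extendedKeyUsage = clientAuth`, and `openssl x509 -purpose` shows how the result is rated. The CA, the subject names and the file names are constructed placeholders, and the extension set is an assumption about what "ssl client only" should mean here.

```shell
#!/bin/sh
# Added example: throwaway CA and user key; every name here is a constructed placeholder.
set -eu

# Sign a CSR with extensions that allow only TLS client authentication, then
# print how OpenSSL rates the resulting certificate for each purpose.
client_only_purposes() {
    dir=$(mktemp -d)
    (
        cd "$dir"
        # Minimal req config so the demo does not depend on the system openssl.cnf.
        cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
        # Extensions applied to the user certificate at signing time.
        cat > client.ext <<'EOF'
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF
        # Stand-in for the existing CA certificate created with v3_ca.
        openssl req -x509 -config req.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
            -keyout ca.key -out ca.pem -days 1 -subj "/CN=Example Test CA" 2>/dev/null
        # The user's key and CSR.
        openssl req -new -config req.cnf -newkey rsa:2048 -nodes \
            -keyout user.key -out user.csr -subj "/CN=example-user" 2>/dev/null
        # CSR signing: extensions come from client.ext, not from the CSR.
        openssl x509 -req -in user.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
            -days 1 -extfile client.ext -out user.pem 2>/dev/null
        # Purpose table for the end-entity certificate (the "... CA" rows are dropped).
        openssl x509 -in user.pem -noout -purpose | grep -v ' CA : '
    )
    rm -rf "$dir"
}

client_only_purposes
```

Because an extendedKeyUsage extension is present and lists only clientAuth, the server and S/MIME rows of the purpose table come out as "No".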
