On Tue, Feb 22, 2005, ray v wrote: > Ok I figured it out, doh! > > Here's part of my openssl command > > openssl x509 -req -days $days -in $csrfile -extfile > extfile -extensions extend > > I use -extfile and -extensions > > Here's my extfile > > extensions = extend > [ extend ] > keyUsage = digitalSignature > extendedKeyUsage = clientAuth > nsCertType = client >
Yes that's basically it. While it is also possible to restrict CA purposes not all software supports and it is non standard. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
