On Tue, May 03, 2005, Andrea Cogliati wrote: > > On May 3, 2005, at 1:12 PM, Dr. Stephen Henson wrote: > > >>If I use Windows Certificate viewer, the certificate generated with > >>OpenSSL has Key Encipherment (e0) as a Key Usage, while a certificate > >>generated through MS Certificate Server has Key Encipherment (a0). > > > >What do you get in the keyUsage extension when you do: > > > >openssl x509 -in cert.pem -noout -text > > > openssl shows "Key Encipherment" for both certifcates. Is the e0/a0 > issue a MS undocumented "feature"? > > The first one is the openssl certificate, the second one is the MS > Certificate Server one: > > X509v3 Key Usage: > Digital Signature, Non Repudiation, Key Encipherment > X509v3 Key Usage: > Digital Signature, Key Encipherment >
The a0/e0 is a hex representation of the bits above. If you remove the non repidiation usage from openssl.cnf the two should then be identical. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
