Yes you should edit the x509_extensions in the openssl.cnf I think the following will be minimal set for a ssl server host cert:
basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment nsCertType = server extendedKeyUsage = serverAuth,msSGC, nsSGC On 7/20/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Hi > I just started to try gererating certificates for machine authentication > with openssl. > But im not so successful. I can generate client certificates but im not > sure about the difference between client and machine certificates. > Do i have to change the x509_extensions in the openssl.cnf file? How can > i be sure to get a machine certificate. > Do you have somthing like a how to configure opoenssl for machine > certificates. > > Marcel > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
