Dear all, I'd need to change my certificate purpose allowing it to used for SSL client authentication.
I'm using openssl 0.9.8a on fedora core 5, I've been following the man page about x509 http://www.openssl.org/docs/apps/x509.html at the section "TRUST SETTING". Before trying my cert purpose was # openssl x509 -in cert.pem -purpose Certificate purposes: SSL client : No SSL client CA : No SSL server : Yes SSL server CA : No Netscape SSL server : Yes Netscape SSL server CA : No S/MIME signing : No S/MIME signing CA : No S/MIME encryption : No S/MIME encryption CA : No CRL signing : Yes CRL signing CA : No Any Purpose : Yes Any Purpose CA : Yes OCSP helper : Yes OCSP helper CA : No I issued the command # openssl x509 -in cert.pem -addtrust clientAuth -setalias "clientAuth" -out trust.pem (not sure if -addtrust requires a "", but I tried with "clientAuth" too with the same result) But nothing changed # openssl x509 -in trust.pem -purpose Certificate purposes: SSL client : No SSL client CA : No SSL server : Yes SSL server CA : No Netscape SSL server : Yes Netscape SSL server CA : No S/MIME signing : No S/MIME signing CA : No S/MIME encryption : No S/MIME encryption CA : No CRL signing : Yes CRL signing CA : No Any Purpose : Yes Any Purpose CA : Yes OCSP helper : Yes OCSP helper CA : No Even if the alias has been correctly set up # openssl x509 -in trust.pem -noout -alias clientAuth Any idea ? Thanks, Marco Rossi ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
