Hello,
> On Saturday 26 May 2007 19:55, Marek Marcola wrote:
> > Hello,
> >
> > Some mail systems (eg Lotus Notes) requires proper extensions in
> > certificates. Certificates without this extensions are not
> > treated as candidates for signing/encryption.
> > With default configuration OpenSSL certificates
> > are created without extensions for signing and encryption.
> > To change this remove comment from line:
> > keyUsage = nonRepudiation, digitalSignature, keyEncipherment
> > from proper section of openssl.cnf file and generate
> > new certificate and check if this works.
>
> Thanks Marek,
>
> I uncommented the line from the section [ usr_cert ] and also checked that
> the
> same line was uncommented under the section [ v3_req ]. However, I am
> getting the same error. :(
>
> This is so frustrating.
>
> Anything else I could check?
Check that you really have proper extensions in certificate:
$ openssl x509 -in cert.pem -text -noout
.
.
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
.
.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
