I have various questions: 1) The example openssl.cnf (9.8x) still contains the deprecated ns** directives. Why, and why not using the RFC3280 (and later) directives.
2) I seem to fail to understand how I can provide the path to the root certificate for verification of an end entity certificate. I can use the ns** directives, but since they are deprecated, how can I provide a path (URI) to the cacert.pem (or similair) file. 3) Is the "string_mask" directive an openssl directive (I am missing IA5String then) or what it's purpose. 4) RFC3280 and additional RFC's are not that clear to me. I assume that if I really took up a study for the ASN.1 (1993?) specification, I might understand a bit more. However, not everybody has the time or energy for that mater to take up that kind of study effort. I have sofare not found a comprehensive tutorial or howto to guide in this matter. But I really have the urge to do it right this time. Being my own CA, having my own services etc. Any suggestions? Okay, I hope to see some positive feedback Kind regards, Frans de Boer. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
