Hi!

I am currently looking into the usage of EKUs for CA certificates and
hope one of you guys can help me.

Given the following scenario:
1) A CA certificate with EKU "Client Authentication".
2) An enterprise certificate issued by the CA certificate in 1) with EKU
"Client Authentication" and "Server Authentication".

And my questions are:
1) What is the purpose of setting EKUs for CA certificates?
2) Is the scenario above "allowed"?
3) Should a certificate chain validation of the above scenario succeed?

I tried the "openssl verify -purpose sslclient" on the above scenario and
the validation succeeded. If openssl says it's ok, then it is ok :)

My reason for asking is that we struggle with a chain validation of the
above scenario using some other technology...

Best regards,
Steffen Fiksdal
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org