On Wed, Jul 15, 2009, stortoaranci wrote: > > Hi All, > > I just have a silly question on Openssl. > > I use a self-signed CA to sign several server/clients cert. > > For example I could use signed certs to implement an OpenVPN LAN and one > Wi-FI RADIUS auth for different clients. > > The question is: "how to be sure that a client allowed to use the wifi do > not use the same cert on the OpenVPN LAN"? > > In other words, how could I segratate clients using the same CA? > > thank you and sorry for my poor english. >
I'm not certain if there are any specific extended key usage OIDs for those two purposes. If there are you can set thos in the appropriate end entity certificates but the software then has to check for their presence. Certificate policies is also usable for this. Again though the software has to check for an appropriate policy. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
