Hi, What would be the most efficient and easiest way to distinguish a CA certificate from an actual server/client(end entity) certificate? We were thinking of identifying the CA with the "CA:TRUE" constraint from the text display, but again this check does not cover x509 v1 certificates where this extension is not present. Is there any command/openSSL API available which would serve this purpose?
Regds, Ashok
