On 02/24/2016 08:50 PM, Dr. Stephen Henson wrote:
On Wed, Feb 24, 2016, lists wrote:
extensions = x509v3
[ x509v3 ]
keyUsage = digitalSignature
extendedKeyUsage = clientAuth,emailProtection
crlDistributionPoints = URI:http://ldap.secure-edge.com/secure-edge-ca.crl
subjectAltName = email:copy
basicConstraints = CA:false,pathlen:0
While this isn't the cause of your problem you should NOT use pathelen if you
have CA:false. An application might reject such a certificate due to
inconsistent extension values.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
You're definitely right. Thanks.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
