No actually notthing more than the opnessl.cnf and the usual way you
take to generate the cert-req (and resp. the certificate) should be
needed.
after using something like the attached config file you can take this
steps(or an altenative that makes the most sense for you):
openssl genrsa -des3
Yes you should edit the x509_extensions in the openssl.cnf
I think the following will be minimal set for a ssl server host cert:
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
nsCertType= server
extendedKeyUsage= serverAuth,msSGC, nsSGC
On 7/20/05,
