Dear Dr. Henson,
Thanks for your advices. I also have the same idea to retrieve that new extension from
the certificate request
generated by Windows 2000 CErtificate Services.
I will let you know if I'm succeed. To my friend, Marat, we need to find out if we can
use openssl to create cert.
Re
Martin Leung wrote:
>
> Hi Marat,
>
> I have signed a Win2K subordinate CA cert with openssl (v0.9.6)
> as root CA. The following extensions are used:
>
> subjectKeyIdentifier=hash
> authorityKeyIdentifier=keyid:always
> basicConstraints = critical,CA:true,pathlen:0
> keyUsage = critical, cRL
Hi Marat,
I have signed a Win2K subordinate CA cert with openssl (v0.9.6)
as root CA. The following extensions are used:
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
basicConstraints = critical,CA:true,pathlen:0
keyUsage = critical, cRLSign, keyCertSign
nsCertType = sslCA, email
"Marat S. Salimov" wrote:
>
>
> Thank you for your answer Steve. Please correct me if I'm wrong. As I've got my plan
>should be like this one:
> -I take the latest release of OpenSSL's 'ca'. BTW which one?
> -I upgrade my old OpenSSL's 'ca' with the last obtained
> -I look for the options which
Noor Haizad Mohd Said wrote:
>
> Dear Marat,
>
> I also faced a problem same as you. I want to issue CA cert by signing a request
>generated by Windows2000. I also tried to cross certify their CA certificate.Both of
>them are failed.
> The reasons that might happens are:-
>
> 1) For generat
