[openssl-users] keyusage digitalSignature in CA certs
Robert Moskowitz
rgm at htt-consult.com
Thu Aug 17 13:20:52 UTC 2017
Should digitalSignature be included in keyusage in CA certs?
https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
Includes it.
https://stackoverflow.com/questions/21297139/how-do-you-sign-certificate-signing-request-with-your-certification-authority/21340898#21340898
Does not include it.
It seems to make a root or intermediate CA be able to have more purposes
than it should? e.g.
SSL client : Yes
SSL server : Yes
S/MIME signing : Yes
So which is the right for a CA's key usage?
thanks
Bob
More information about the openssl-users
mailing list