[openssl-users] Fwd: basic constraints check

Salz, Rich rsalz at akamai.com
Thu May 31 18:08:38 UTC 2018


  *   We generated intermediate02 such that it has "basicConstraints" extension and "keyUsage" missing. Now we used this intermediate 02 CA to sign server certificate.

If those extensions, which are *optional,* are not present, then there is no limit on how the keys may be used, or how long the cert chain may be.  OpenSSL is doing the right thing.

If you want to add them, and you cannot upgrade, then read about the openssl config file syntax.  Good luck.
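
As an added illustration (not part of the original message, and not taken from the OpenSSL project), extension sections of the kind the reply refers to could look like this in an OpenSSL config file. The section names `v3_intermediate_ca` and `server_cert` are assumptions chosen for this example.

```ini
# Constructed example: extension sections for an OpenSSL config file or -extfile.
# Section names are arbitrary labels (assumptions), not names OpenSSL requires.

[ v3_intermediate_ca ]
# Marks the certificate as a CA. pathlen:0 lets it sign end-entity
# certificates but no further CA certificates beneath it.
basicConstraints       = critical, CA:TRUE, pathlen:0
# Limits the key to signing certificates and CRLs.
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always, issuer

[ server_cert ]
# Explicitly not a CA, so a verifier that honours the extension
# will not accept this certificate as an issuer.
basicConstraints       = critical, CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid, issuer
```

A section is selected at signing time with `-extensions <section>` (together with `-extfile <file>` for `openssl x509 -req`), and the result can be checked with `openssl x509 -noout -text` on the issued certificate.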