<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<div class="moz-cite-prefix">On 1/9/18 19:32, Viktor Dukhovni wrote:<br>
</div>
<blockquote type="cite"
cite="mid:5D4FEB39-F7F9-40FF-AC1F-E8AD81393FCE@dukhovni.org">
<pre wrap="">This Key Usage is more appropriate. When the "Key Usage" is present in
a CA certificate, it <b class="moz-txt-star"><span class="moz-txt-tag">*</span>MUST<span class="moz-txt-tag">*</span></b> include "Certificate Sign".</pre>
</blockquote>
That was indeed the problem. Thank you!! It seems strange to me
that OpenSSL will allow creation of a CA cert (CA:TRUE) that may not
be used to sign other certs.<br>
<br>
I appreciate your help Viktor.<br>
<br>
Norm<br>
<br>
P.S. Seems you didn't need machine-readable certificates to help me
after all ;-)
</body>
</html>