[openssl-users] keyusage digitalSignature in CA certs
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Thu Aug 17 13:32:39 UTC 2017
AFAIK it must.
Sent from my iPhone
> On Aug 17, 2017, at 09:21, Robert Moskowitz <rgm at htt-consult.com> wrote:
> Should digitalSignature be included in keyusage in CA certs?
> Includes it.
> Does not include it.
> It seems to make a root or intermediate CA be able to have more purposes than it should? e.g.
> SSL client : Yes
> SSL server : Yes
> S/MIME signing : Yes
> So which is the right for a CA's key usage?
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4223 bytes
Desc: not available
More information about the openssl-users