On Wed, Feb 24, 2016, lists wrote:

>
> extensions = x509v3
>
> [ x509v3 ]
> keyUsage = digitalSignature
> extendedKeyUsage = clientAuth,emailProtection
> crlDistributionPoints = URI:http://ldap.secure-edge.com/secure-edge-ca.crl
> subjectAltName = email:copy
> basicConstraints = CA:false,pathlen:0

While this isn't the cause of your problem you should NOT use pathlen if you
have CA:false. An application might reject such a certificate due to
inconsistent extension values.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
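
A small lint for the inconsistency pointed out in the reply above, as an added example that is not part of the original thread or OpenSSL's own code: it scans openssl.cnf-style text and flags any basicConstraints value that sets pathlen without asserting CA. The `v3_ca` section in the sample is a constructed contrast case, and the function name is hypothetical.

```python
import re

# Constructed sample: the basicConstraints line quoted in the message above,
# plus a hypothetical CA section for contrast.
SAMPLE_CNF = """\
[ x509v3 ]
keyUsage = digitalSignature
basicConstraints = CA:false,pathlen:0

[ v3_ca ]   # hypothetical section, not from the thread
keyUsage = critical, keyCertSign, cRLSign
basicConstraints = critical, CA:true, pathlen:0
"""

TRUE_VALUES = {"true", "y", "yes"}  # boolean spellings OpenSSL accepts as true


def lint_basic_constraints(cnf_text):
    """Return (section, lineno, message) for each inconsistent basicConstraints."""
    findings = []
    section = "default"  # values before any [section] header
    for lineno, raw in enumerate(cnf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() != "basicconstraints":
            continue
        is_ca = False  # the cA flag defaults to FALSE when absent
        has_pathlen = False
        for field in value.split(","):
            name, _, arg = field.strip().partition(":")
            name = name.strip().lower()
            if name == "ca":
                is_ca = arg.strip().lower() in TRUE_VALUES
            elif name == "pathlen":
                has_pathlen = True
        if has_pathlen and not is_ca:
            findings.append((section, lineno, "pathlen set without CA:true"))
    return findings


if __name__ == "__main__":
    for section, lineno, msg in lint_basic_constraints(SAMPLE_CNF):
        print(f"[{section}] line {lineno}: {msg}")
```
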