On 02/24/2016 08:50 PM, Dr. Stephen Henson wrote:
> On Wed, Feb 24, 2016, lists wrote:
>
>> extensions = x509v3
>>
>> [ x509v3 ]
>> keyUsage = digitalSignature
>> extendedKeyUsage = clientAuth,emailProtection
>> crlDistributionPoints = URI:http://ldap.secure-edge.com/secure-edge-ca.crl
>> subjectAltName = email:copy
>> basicConstraints = CA:false,pathlen:0
> While this isn't the cause of your problem you should NOT use pathlen if you
> have CA:false. An application might reject such a certificate due to
> inconsistent extension values.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org

You're definitely right. Thanks.
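The inconsistency pointed out in the reply above can be caught before a certificate is signed. The following is an added example, not part of the original thread and not OpenSSL code: a small Python check over OpenSSL-style extension sections that flags `pathlen` without `CA:true` (RFC 5280 section 4.2.1.9 additionally requires `keyCertSign` in `keyUsage` when a path length is present). The function names and the simplified config parser are assumptions made for illustration, and the sample input is constructed from the section quoted in the thread.

```python
import re

# Constructed sample: the extension section quoted in the thread above.
SAMPLE = """\
extensions = x509v3

[ x509v3 ]
keyUsage = digitalSignature
extendedKeyUsage = clientAuth,emailProtection
subjectAltName = email:copy
basicConstraints = CA:false,pathlen:0
"""

def parse_sections(text):
    """Parse OpenSSL-style config text into {section: {key: value}} (simplified)."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections

def lint_basic_constraints(text):
    """Return (section, message) findings for inconsistent basicConstraints."""
    findings = []
    for name, opts in parse_sections(text).items():
        bc = opts.get("basicConstraints")
        if bc is None:
            continue
        fields = [f.strip().lower() for f in bc.split(",")]
        is_ca = "ca:true" in fields
        has_pathlen = any(f.startswith("pathlen:") for f in fields)
        usages = [u.strip().lower() for u in opts.get("keyUsage", "").split(",")]
        if has_pathlen and not is_ca:
            findings.append((name, "pathlen set but CA is not true"))
        elif has_pathlen and "keyUsage" in opts and "keycertsign" not in usages:
            findings.append((name, "pathlen set but keyUsage lacks keyCertSign"))
    return findings

if __name__ == "__main__":
    for section, message in lint_basic_constraints(SAMPLE):
        print(f"[{section}] {message}")
```
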