keyusage digitalSignature in CA certs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Should digitalSignature be included in keyusage in CA certs?


https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html

Includes it.

https://stackoverflow.com/questions/21297139/how-do-you-sign-certificate-signing-request-with-your-certification-authority/21340898#21340898

Does not include it.
It seems to make a root or intermediate CA be able to have more purposes than it should? e.g. 

SSL client : Yes
SSL server : Yes
S/MIME signing : Yes

So which is the right for a CA's key usage?

thanks

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux