AFAIK it must. Regards, Uri Sent from my iPhone > On Aug 17, 2017, at 09:21, Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote: > > Should digitalSignature be included in keyusage in CA certs? > > > https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html > > Includes it. > > https://stackoverflow.com/questions/21297139/how-do-you-sign-certificate-signing-request-with-your-certification-authority/21340898#21340898 > > Does not include it. > > It seems to make a root or intermediate CA be able to have more purposes than it should? e.g. > > SSL client : Yes > SSL server : Yes > S/MIME signing : Yes > > So which is the right for a CA's key usage? > > thanks > > Bob > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
