Signing CertificateRequest with special privileges

Question

Well, I am not sure if I specified the question correctly.

While I was browsing web, I checked several SSL certificates and noticed that even Root Certificate doesn't have set all attributes of application(or however is it called). Cert companies makes another attributes for Class 1, Class 2, EV.

When I created my own CA Certificate it has:

-All rules of issue,

-All rules of applications.

And new certificates signed by this root has:

-All rules of applications.

Cert companies makes another attributes for Class 1, Class 2, EV. Is it possible to set those rules using OpenSSL.

score 1 · Accepted Answer · answered Dec 28 '12 at 15:44

1

I had to change usr_cert fields like: keyUsage and extendedKeyUsage to add special policies.

Additionally there is possibility to change nsCertType to change the type of certificate.

answered Dec 28 '12 at 15:44

Disa

306
2
8

You should drop all `ns*`, they're legacy extensions: http://security.stackexchange.com/a/23037/3272 You answer would also help others better if you elaborated a bit on _which_ `(extended)keyUsage` you used – Tobias Kienzler Feb 08 '13 at 11:14

Signing CertificateRequest with special privileges

1 Answers1