SourceForge has been redesigned. Learn more.

Root CA settings

  • stef_204

    stef_204 - 2007-07-11


    Last question for me (hopefully):

    When I created my Root CA, under tab Key Usage, sections "key Usage" and "Extended Key Usage", I did not (forgot) highlight ANY settings such as Certificate Sign or anything else really.

    Under "Netscape" tab, same thing: I did NOT select SSL CA or S/MIME CA, etc.

    Is that a problem?  Should I have done that and thus need to re-create my Root CA?


    PS Chris, how about testing this whole thing with me? You can send me  your email address via private message here at sourceforge and I will answer.

    • Christian Hohnstaedt

      generally, the extensions are meant to restrict the usage of the certificate.
      If an extension is missing, it is assumed to "allow all".

      But your users may reject to accept a root CA that authorizes for everything.
      But at least the basic constraints should be there.

    • stef_204

      stef_204 - 2007-07-11

      OK.  Thanks.


Log in to post a comment.