From owner-freebsd-current Mon Aug 7 22:34:36 2000 Delivered-To: freebsd-current@freebsd.org Received: from ns.internet.dk (ns.internet.dk [194.19.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 48F0437B6AA for ; Mon, 7 Aug 2000 22:34:26 -0700 (PDT) (envelope-from leifn@neland.dk) Received: (from uucp@localhost) by ns.internet.dk (8.9.3/8.9.3) with UUCP id HAA45245 for freebsd-current@freebsd.org; Tue, 8 Aug 2000 07:34:19 +0200 (CEST) (envelope-from leifn@neland.dk) Received: from localhost (localhost [127.0.0.1]) by arnold.neland.dk (8.11.0/8.9.3) with ESMTP id e785Y0553659 for ; Tue, 8 Aug 2000 07:34:04 +0200 (CEST) (envelope-from leifn@neland.dk) Date: Tue, 8 Aug 2000 07:33:54 +0200 (CEST) From: Leif Neland To: freebsd-current@freebsd.org Subject: inheriting certificate trust Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I've got a verisign'ed certificate for our webserver. According to Microsoft explorer/outlook, it can be used for verifying the servers identity, but not for mail. I've used this certificate to sign a new certificate, and Microsoft recognizes it and the trust chain, and will use it for verifying the servers identity, but not for mail. According to openssl x509, both certificates are usable for smime. Can I use the webserver certificate to make mail-certificates, or is it because the root CA at verisign is not for mail, then none of its children can be for mail? Leif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message