Apo to : http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
Because of this confusion, it's probably impossible to include a set of
constraint extensions in a certificate which will be handled properly by
different implementations. Because of problems like this, the digital
signature laws of some countries are requiring certification of the software
being used as part of compliance with the law, so that you can't just claim
that your software "supports X.509v3 certificates" (everyone claims this
whether they actually do or not), you actually have to prove that it
supports
what's required by the particular countries' laws. If you're in a country
which has digital signature legislation, make sure the software you're using
has been certified to conform to the legal requirements.
Ayto, to exoume koitaksei gia thn periptwsh ths Elladas?