[Date Prev][Date Next]
Re: TLS/SSL problem - unsupported certificate purpose
On Tue, 24 Apr 2007, Jean-Claude wrote:
With SSL, I check all my certificates (Root CA and LDAP certificate) and
renew all of them, successless.
Always the same error message.
Althought all seems OK about certificates.
# openssl x509 -in LDAPserver-cert.pem -text -noout
Netscape Cert Type:
The certificate has a "Netscape Cert Type" field, but that field doesn't
include the "SSL Server" flag. Your certificate creation setup needs to
be corrected and a new certificate created. To quote the "X509
CERTIFICATE EXTENSIONS" part of the openssl(1) manpage:
The extended key usage extension must be absent or include the
"web server authentication" and/or one of the SGC OIDs.
keyUsage must be absent or it must have the digitalSignature
set, the keyEncipherment set, or both bits set. Netscape
certificate type must be absent or have the SSL server bit set.