Any problems with X.509v3 Extensions?
All:
Does anyone know of any known problems with OpenLDAP server/client-side
certificates signed with X509 v3 Extensions?
e.g.,

    $ openssl x509 -text -in interface.crt.pem
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                email:ldap@tld
            Netscape Cert Type:
                SSL Server, S/MIME, Object Signing
            X509v3 Extended Key Usage:
                TLS Web Server Authentication

With openssl.cnf:

    [ v3_req_ext ]
    subjectAltName=email:copy
    nsCertType = server, email, objsign
    nsComment = "OpenSSL Generated Server Certificate"
    # .2 = Client, .1 = Server
    #extendedKeyUsage = 1.3.6.1.5.5.7.3.2
    extendedKeyUsage = 1.3.6.1.5.5.7.3.1
This is the way GoDaddy rocks out.
Every year I suffer through hours of self-abnegation trying to
re-issue certificates for a dozen F/OSS applications that all have little
caveats --- This year I'm writing that shit down >:}
~BAS
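
A check that can be run against a certificate issued with the `[ v3_req_ext ]` section above (an added example, not part of the original post): it builds a throwaway self-signed certificate with those extensions and asks `openssl x509 -purpose` whether OpenSSL accepts it as an SSL server and as an SSL client certificate. The subject, e-mail address, file names and the `make_cert` / `purpose_ok` helpers are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: test certificate carrying the post's [ v3_req_ext ] extensions.
# Subject, file names and the throwaway key are constructed for this demo.

make_cert() {   # $1 = work dir; writes $1/key.pem and $1/cert.pem
    cat > "$1/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
CN = placeholder
[ v3_req_ext ]
subjectAltName=email:copy
nsCertType = server, email, objsign
nsComment = "OpenSSL Generated Server Certificate"
# .2 = Client, .1 = Server
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
EOF
    # -subj supplies the DN; emailAddress is needed for subjectAltName=email:copy
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$1/openssl.cnf" -extensions v3_req_ext \
        -subj "/CN=ldap.example.test/emailAddress=ldap@example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Print Yes/No for one line of `openssl x509 -purpose` output,
# selected by its label, e.g. "SSL server" or "SSL client".
purpose_ok() {  # $1 = cert file, $2 = purpose label
    openssl x509 -noout -purpose -in "$1" |
        awk -F' : ' -v p="$2" '$1 == p { print $2 }'
}

# Demo run: report both purposes for the generated certificate.
work=$(mktemp -d)
if make_cert "$work"; then
    for p in "SSL server" "SSL client"; do
        echo "$p: $(purpose_ok "$work/cert.pem" "$p")"
    done
fi
rm -rf "$work"
```

`purpose_ok` works on any PEM certificate, so the same check can be pointed at a re-issued certificate before it is deployed to a service that also uses it for outbound (client-side) TLS.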