Any problems with X.509v3 Extensions?


Does anyone know of any known problems with OpenLDAP server/client-side certificates signed with X509 v3 Extensions?


$ openssl x509 -text -in interface.crt.pem

        X509v3 extensions:
            X509v3 Subject Alternative Name:
            Netscape Cert Type:
                SSL Server, S/MIME, Object Signing
            X509v3 Extended Key Usage:
                TLS Web Server Authentication

With openssl.cnf:

  [ v3_req_ext ]
  nsCertType = server, email, objsign
  nsComment = "OpenSSL Generated Server Certificate"
  # .2 = Client, .1 = Server
  #extendedKeyUsage =
  extendedKeyUsage =

This is the way GoDaddy rocks out.

Every year I suffer through hours of self-abnegation trying to re-issue certificates for a dozen F/OSS applications that all have little caveats --- This year I'm writing that shit down >:}