Hi, seems that for certificates created by univention-certificate there is no X509v3 server extension activated. Is this a bug or is there a reason behind this? Cheers, SirTux

As workaround I’ve added this line in the openssl.cnf: [ v3_req ] [...] extendedKeyUsage = serverAuth,clientAuth [...] Afterwards I’ve recreated the certificate: [image] SSL-Zertifikat und DNS-Alias UCS - Univention Corporate Server Moin, nein, das Tool univention-certi…

Univention-certificate: no server cert extension

UCS - Univention Corporate Server

SirTux June 23, 2019, 10:03am 2

As workaround I’ve added this line in the openssl.cnf:

[ v3_req ]
[...]
extendedKeyUsage = serverAuth,clientAuth
[...]

Afterwards I’ve recreated the certificate:

1 Like