Hi,
seems that for certificates created by univention-certificate there is no X509v3 server extension activated. Is this a bug or is there a reason behind this?
Cheers,
SirTux
As workaround I’ve added this line in the openssl.cnf:
[ v3_req ]
[...]
extendedKeyUsage = serverAuth,clientAuth
[...]
Afterwards I’ve recreated the certificate:
1 Like
Hi @SirTux,
I followed what you suggested, and it doesn’t work.
after revoking and recreating user cert the line is blank:
UCS 5.0-8 errata1118
Any ideas?
[EDIT]
It worked after adding the line in two places, here:
Interestingly, the copy of openssl.cnf in the user directory still doesn’t have the lines avaialble.