> On 26 Nov 2015, at 1:16 PM, Randy Bush <ra...@psg.com> wrote: > >> The resolution of a certificate is the domain name, e.g. it is valid for >> all services on the machine. > > X509v3 extensions: > X509v3 Key Usage: critical > Digital Signature, Key Encipherment > X509v3 Extended Key Usage: > TLS Web Server Authentication, TLS Web Client Authentication > X509v3 Basic Constraints: critical > CA:FALSE > > from a soon very popular ca
The other CAs do the same. Notice how it says “Web server authentication”, not “port 443 server authentication”. Another thing is that I don’t get why some CAs have the web *client* authentication EKU thrown in there. Either way, that certificate is just as good for port 5000 (python flask’s default port) as it is for port 443, and vice versa. Yoav _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme