Hello Dan,

On Sat, 9 Sept 2023 at 12:39, Dan Langille <d...@langille.org> wrote:
> Hello,
>
> Is anyone using self-signed certificates using X509v3 extensions?
>
> To be clear: I am not trying to make use of X509v3 extensions for any
> particular purpose - A recent upgrade to the tool I am using recently
> started X509v3 extensions
>

Our system works with self-signed certificates with X509v3 extensions. Here's what the extensions look like on our setup:

        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:67:4E:42:8B:F3:3B:8E:F4:C4:BE:B9:29:B3:5E:41:DC:DE:12:81
            X509v3 Authority Key Identifier:
                keyid:88:38:87:5E:B1:E0:FF:59:98:BB:0F:2F:8B:55:F5:E0:85:E1:82:9D
                DirName:/C=IE/ST=Co Kildare/L=Maynooth/O=Maynooth University/OU=Computer Science Department/CN=CS Dept Internal CA/emailAddress=supp...@cs.nuim.ie
                serial:CC:A9:72:5F:96:CF:3B:53
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://www.cs.nuim.ie/nuimcs.crl

Comparing to your example, I don't have the "Extended Key Usage" part, and I don't remember why there are Subject Key Identifier and Authority Key Identifier extensions: something wasn't working without them, but I can't find my notes from when I was setting up our internal "CA", so I have no idea if it was related to Bacula or not.

But I have a feeling it is not Bacula that is failing: this "ERR=error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed" feels like it is coming from the SSL library?

Hope this info helps!

Misha
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users