Hi there folks,
Does cosignd check the x509v3 Key Usage or Extended Key Usage extensions in
client certificates? Our CA certificate expires in a year, and I'd prefer
not to have to replace all 200-odd client certificates that we're running.
If we can just use our frontend certs (signed by InCommon), that'd be a
much cleaner solution.
Our web certificates have the following extensions:
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:39:DA:FF:CA:28:14:8A:A8:74:13:08:B9:E4:0E:A9:D2:FA:7E:9D:69
X509v3 Subject Key Identifier:
8B:6D:E7:CA:C9:31:A3:C4:F3:92:51:9E:DD:DD:72:10:E8:C8:61:46
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client
Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto
Any help you can provide would be much appreciated!
John
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss