For the most part, we use our front-end certs for the cosign backchannel.
You'll need to make sure you add the InCommon CA certs to the CA directory
used by your cosignd.

Liam

On Wed, May 13, 2015 at 11:31 AM, John Miller <johnm...@brandeis.edu> wrote:

> Hi there folks,
>
> Does cosignd check the x509v3 Key Usage or Extended Key Usage extensions
> in client certificates?  Our CA certificate expires in a year, and I'd
> prefer not to have to replace all 200-odd client certificates that we're
> running.  If we can just use our frontend certs (signed by InCommon),
> that'd be a much cleaner solution.
>
> Our web certificates have the following extensions:
>
>         X509v3 extensions:
>             X509v3 Authority Key Identifier:
>                 keyid:39:DA:FF:CA:28:14:8A:A8:74:13:08:B9:E4:0E:A9:D2:FA:7E:9D:69
>
>             X509v3 Subject Key Identifier:
>                 8B:6D:E7:CA:C9:31:A3:C4:F3:92:51:9E:DD:DD:72:10:E8:C8:61:46
>             X509v3 Key Usage: critical
>                 Digital Signature, Key Encipherment
>             X509v3 Basic Constraints: critical
>                 CA:FALSE
>             X509v3 Extended Key Usage:
>                 TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto
>
>
> Any help you can provide would be much appreciated!
>
> John
> --
> John Miller
> Systems Engineer
> Brandeis University
> johnm...@brandeis.edu
>
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Cosign-discuss mailing list
> Cosign-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>
>
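What OpenSSL's own client-purpose check reports for certificates carrying the extensions listed in the question, as an added example (not from the thread or the Cosign project). It assumes cosignd's CA directory is an OpenSSL CApath-style directory; whether cosignd itself enforces Key Usage or Extended Key Usage is not stated in the thread. The demo CA, host names and file names are constructed.

```shell
#!/bin/sh
# Added example. All keys and certificates are constructed throwaway data.
# check_client_cert CADIR CERT: succeed only if CERT chains to a CA in CADIR
# and OpenSSL accepts its Key Usage / Extended Key Usage for TLS client auth.
check_client_cert() {
    openssl verify -CApath "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

# make_demo_pki DIR: build a demo CA in DIR/ca-dir plus two leaf certificates,
# both.pem (serverAuth + clientAuth, as in the question) and serveronly.pem.
make_demo_pki() {
    d=$1
    mkdir -p "$d/ca-dir"
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo CA (constructed)
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/ca.key" -out "$d/ca-dir/ca.pem" 2>/dev/null
    # A CApath directory is searched by subject hash, so add the hash link.
    ln -s ca.pem "$d/ca-dir/$(openssl x509 -noout -hash -in "$d/ca-dir/ca.pem").0"
    n=1
    for eku in both:serverAuth,clientAuth serveronly:serverAuth; do
        name=${eku%%:*}
        printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
            'keyUsage=critical,digitalSignature,keyEncipherment' \
            "extendedKeyUsage=${eku#*:}" > "$d/$name.ext"
        openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=$name.example.edu" -keyout "$d/$name.key" \
            -out "$d/$name.csr" 2>/dev/null
        openssl x509 -req -in "$d/$name.csr" -CA "$d/ca-dir/ca.pem" \
            -CAkey "$d/ca.key" -set_serial "$n" -days 1 \
            -extfile "$d/$name.ext" -out "$d/$name.pem" 2>/dev/null
        n=$((n + 1))
    done
}

d=$(mktemp -d) && make_demo_pki "$d"
for c in both serveronly; do
    check_client_cert "$d/ca-dir" "$d/$c.pem" && echo "$c: ok" || echo "$c: rejected"
done
rm -rf "$d"
```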