Thanks, Liam.  I think that'd be a better long-term solution for us than
trying to keep running our own CA.  I can probably knock out the basics in
an afternoon.

John

On Wed, May 13, 2015 at 12:13 PM, Liam Hoekenga <li...@umich.edu> wrote:

> For the most part, we use our front-end certs for the cosign backchannel.
> You'll need to make sure you add the InCommon CA certs to the CA directory
> used by your cosignd.
>
> Liam
>
> On Wed, May 13, 2015 at 11:31 AM, John Miller <johnm...@brandeis.edu>
> wrote:
>
>> Hi there folks,
>>
>> Does cosignd check the x509v3 Key Usage or Extended Key Usage extensions
>> in client certificates?  Our CA certificate expires in a year, and I'd
>> prefer not to have to replace all 200-odd client certificates that we're
>> running.  If we can just use our frontend certs (signed by InCommon),
>> that'd be a much cleaner solution.
>>
>> Our web certificates have the following extensions:
>>
>>         X509v3 extensions:
>>             X509v3 Authority Key Identifier:
>>                 keyid:39:DA:FF:CA:28:14:8A:A8:74:13:08:B9:E4:0E:A9:D2:FA:7E:9D:69
>>
>>             X509v3 Subject Key Identifier:
>>                 8B:6D:E7:CA:C9:31:A3:C4:F3:92:51:9E:DD:DD:72:10:E8:C8:61:46
>>             X509v3 Key Usage: critical
>>                 Digital Signature, Key Encipherment
>>             X509v3 Basic Constraints: critical
>>                 CA:FALSE
>>             X509v3 Extended Key Usage:
>>                 TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto
>>
>>
>> Any help you can provide would be much appreciated!
>>
>> John
>> --
>> John Miller
>> Systems Engineer
>> Brandeis University
>> johnm...@brandeis.edu
>>
>>
>>
>> _______________________________________________
>> Cosign-discuss mailing list
>> Cosign-discuss@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>>
>>
>


-- 
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
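
Added example, not part of the original thread and not cosign code: a pre-deployment check that a front-end certificate chains to a CA installed in a hashed CA directory and that its Key Usage and Extended Key Usage are acceptable for TLS client authentication. It uses `openssl verify -purpose sslclient` as the check; the thread does not say whether cosignd itself inspects these extensions, and the hashed directory layout, function names, file names and demo certificates are assumptions constructed for illustration.

```sh
# Added example; every certificate here is throwaway, constructed sample data.

# Install a CA certificate into an OpenSSL hashed directory (the -CApath layout).
add_ca() {  # usage: add_ca <ca.pem> <cadir>
    h=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    n=0; while [ -e "$2/$h.$n" ]; do n=$((n + 1)); done  # keep other same-hash CAs
    cp "$1" "$2/$h.$n"
}

# Succeeds only if the cert chains to a trusted CA and its Key Usage / Extended
# Key Usage permit <purpose> (sslclient or sslserver). Trust comes from <cadir>;
# OpenSSL may also consult its default CA file if one is installed.
cert_ok_for() {  # usage: cert_ok_for <purpose> <cert.pem> <cadir>
    openssl verify -CApath "$3" -purpose "$1" "$2" >/dev/null 2>&1
}

# Build a demo CA and two leaf certs in <workdir>: "both" (serverAuth+clientAuth,
# like the web certs quoted in the thread) and "serveronly" (serverAuth only).
make_demo_pki() {  # usage: make_demo_pki <workdir>
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' >"$d/ca.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Constructed Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/ca.csr" -signkey "$d/ca.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/ca.pem" 2>/dev/null || return 1
    for kind in both serveronly; do
        eku=serverAuth
        [ "$kind" = both ] && eku=serverAuth,clientAuth
        printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature,keyEncipherment\nextendedKeyUsage=%s\n' \
            "$eku" >"$d/$kind.ext"
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$kind.example.test" \
            -keyout "$d/$kind.key" -out "$d/$kind.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$kind.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -extfile "$d/$kind.ext" \
            -out "$d/$kind.pem" 2>/dev/null || return 1
    done
}

demo() {
    w=$(mktemp -d) || return 1
    mkdir "$w/cadir"
    make_demo_pki "$w" && add_ca "$w/ca.pem" "$w/cadir" || { rm -rf "$w"; return 1; }
    for kind in both serveronly; do
        cert_ok_for sslclient "$w/$kind.pem" "$w/cadir" && r=accepted || r=rejected
        echo "$kind.pem as TLS client cert: $r"
    done
    rm -rf "$w"
}
demo
```

Against a real deployment, run `cert_ok_for sslclient` with the actual front-end certificate and the directory that holds the issuing CA chain, intermediates included.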
