Thanks, Liam. I think that'd be a better long-term solution for us than
trying to keep running our own CA. I can probably knock out the basics in
an afternoon.
John
On Wed, May 13, 2015 at 12:13 PM, Liam Hoekenga li...@umich.edu wrote:
For the most part, we use our front-end certs for the cosign backchannel.
You'll need to make sure you add the InCommon CA certs to the CA directory
used by your cosignd.
Liam
On Wed, May 13, 2015 at 11:31 AM, John Miller johnm...@brandeis.edu wrote:
Hi there folks,
Does cosignd check the x509v3 Key Usage or Extended Key Usage extensions
in client certificates? Our CA certificate expires in a year, and I'd
prefer not to have to replace all 200-odd client certificates that we're
running. If we can just use our frontend certs (signed by InCommon),
that'd be a much cleaner solution.
Our web certificates have the following extensions:
    X509v3 extensions:
        X509v3 Authority Key Identifier:
            keyid:39:DA:FF:CA:28:14:8A:A8:74:13:08:B9:E4:0E:A9:D2:FA:7E:9D:69
        X509v3 Subject Key Identifier:
            8B:6D:E7:CA:C9:31:A3:C4:F3:92:51:9E:DD:DD:72:10:E8:C8:61:46
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 Basic Constraints: critical
            CA:FALSE
        X509v3 Extended Key Usage:
            TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto
Any help you can provide would be much appreciated!
John
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
___
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
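
Added example, not part of the thread and not cosign code: a shell check of whether a certificate chains to a hashed CA directory and passes OpenSSL's TLS client purpose test, which is what decides if a front-end web certificate can double as a client certificate. The CA, both leaf certificates, and the names `check_client_cert`, `make_ca` and `make_leaf` are constructed for illustration; whether cosignd applies this same purpose check is not something the thread establishes.

```shell
#!/bin/sh
# Added example. Every key and certificate here is a constructed throwaway.

# check_client_cert CADIR CERT
# Succeeds only if CERT chains to a CA in the hashed directory CADIR and
# OpenSSL accepts it for the TLS client purpose (Key Usage and EKU included).
check_client_cert() {
    openssl verify -purpose sslclient -CApath "$1" "$2" >/dev/null 2>&1
}

# make_ca DIR: constructed root CA plus a hashed CA directory DIR/cadir.
make_ca() {
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=unused\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/req.cnf"
    openssl req -x509 -config "$1/req.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -keyout "$1/ca.key" -out "$1/ca.pem" -days 1 \
        -subj "/CN=Constructed Test CA" 2>/dev/null || return 1
    mkdir -p "$1/cadir"
    # OpenSSL looks CAs up in a directory by subject-hash file name.
    cp "$1/ca.pem" "$1/cadir/$(openssl x509 -noout -hash -in "$1/ca.pem").0"
}

# make_leaf DIR NAME EKU: leaf with the thread's Key Usage and the given EKU.
make_leaf() {
    printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature,keyEncipherment\nextendedKeyUsage=%s\n' "$3" > "$1/$2.ext"
    openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes \
        -keyout "$1/$2.key" -out "$1/$2.csr" -subj "/CN=$2.example.test" 2>/dev/null || return 1
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -extfile "$1/$2.ext" -days 1 -out "$1/$2.pem" 2>/dev/null
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_ca "$work"
make_leaf "$work" both serverAuth,clientAuth   # server + client EKU, as in the thread's cert
make_leaf "$work" web-only serverAuth           # server-only EKU, for contrast

for name in both web-only; do
    if check_client_cert "$work/cadir" "$work/$name.pem"; then
        echo "$name: accepted as a TLS client certificate"
    else
        echo "$name: rejected for the TLS client purpose"
    fi
done
```

To run the same check on real material, call `check_client_cert` with the CA directory your cosignd uses and the front-end certificate in question.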