I created a new cert today, with a CA I haven't used in a while.
I used option 4) Perform a one-step request/sign
Bacula complains about this cert: ERR=26:unsupported certificate purpose
Comparing that cert with one that works, created with the same CA, I notice this difference. The non-working cert contains this section just before the Signature Algorithm section:
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://CRL_URI
What's up with that?
I created a new cert today, with a CA I haven't used in a while.
I used option
4) Perform a one-step request/signBacula complains about this cert:
ERR=26:unsupported certificate purposeComparing that cert with one that works, created with the same CA, I notice this difference. The non-working cert contains this section just before the
Signature Algorithmsection:What's up with that?