Skip to content

unsupported certificate purpose when using one-step request/sign of ssl-admin 1.2.1_2 #5

Description

@dlangille

I created a new cert today, with a CA I haven't used in a while.

I used option 4) Perform a one-step request/sign

Bacula complains about this cert: ERR=26:unsupported certificate purpose

Comparing that cert with one that works, created with the same CA, I notice this difference. The non-working cert contains this section just before the Signature Algorithm section:

        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://CRL_URI

What's up with that?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions