[Fedora-directory-users] SOLVED: NSPR "Certificate type not approved for application" error when a TLS-enabled proxy LDAP OpenLDAP server connects to Fedora Directory Server

[Michael Ströder]

Aleksander Adamowski wrote:
> Michael Ströder wrote:
>> Aleksander Adamowski wrote:
>>>
>>> The relevant fields of the OpenLDAP server's certificate are:
>>
>> What about the keyUsage and extendedKeyUsage extensions?
>>
> These aren't present, unfortunately.

IIRC they have to be defined.

Example lines for openssl.cnf:
keyUsage                = digitalSignature,keyEncipherment
extendedKeyUsage        = serverAuth

Ciao, Michael.