[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Fedora-directory-users] SOLVED: NSPR "Certificate type not approved for application" error when a TLS-enabled proxy LDAP OpenLDAP server connects to Fedora Directory Server



Aleksander Adamowski wrote:
Michael Ströder wrote:
Aleksander Adamowski wrote:

The relevant fields of the OpenLDAP server's certificate are:

What about the keyUsage and extendedKeyUsage extensions?

These aren't present, unfortunately.

IIRC they have to be defined.

Example lines for openssl.cnf:
keyUsage                = digitalSignature,keyEncipherment
extendedKeyUsage        = serverAuth

Ciao, Michael.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]