Todo #9868: Add clientAuth EKU to Server type certificates - pfSense - pfSense bugtracker

Actions

Copy link

Todo #9868

closed

Add clientAuth EKU to Server type certificates

Added by Jim Pingle about 5 years ago. Updated almost 5 years ago.

Status:

Resolved

Priority:

Low

Assignee:

Jim Pingle

Category:

Certificates

Target version:

2.4.5

Start date:

10/31/2019

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Description

Some cases may require a server certificate to be used to authenticate a server (to client) and authenticate as a client (to another server). Currently, server certificates only include the serverAuth EKU, but both may be present.

Additionally, the ISRG-CPS-v2.6 standard followed by Let's Encrypt contains both for end entity certificates.

Looking at some other standards like RFC 5280 (EKU), RFC 5216/RFC 5281 (EAP-[T]TLS) they all mention things in a permissive way, meaning that the presence of specific values enables uses. I don't see anything that would exclude or fail based on the presence of an EKU.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Todo #9868

Add clientAuth EKU to Server type certificates

Updated by Jim Pingle about 5 years ago

Updated by Viktor Gurov about 5 years ago

Updated by Jim Pingle about 5 years ago

Updated by Jim Pingle about 5 years ago

Updated by Jim Pingle almost 5 years ago

Updated by Viktor Gurov almost 5 years ago

Updated by Jim Pingle almost 5 years ago