All:
Does anyone know of any known problems with OpenLDAP server/client-side certificates signed with X509 v3 Extensions?
e.g.,
$ openssl x509 -text -in interface.crt.pem
    X509v3 extensions:
        X509v3 Subject Alternative Name:
            email:ldap@tld
        Netscape Cert Type:
            SSL Server, S/MIME, Object Signing
        X509v3 Extended Key Usage:
            TLS Web Server Authentication
With openssl.cnf:
    [ v3_req_ext ]
    subjectAltName=email:copy
    nsCertType = server, email, objsign
    nsComment = "OpenSSL Generated Server Certificate"
    # .2 = Client, .1 = Server
    #extendedKeyUsage = 1.3.6.1.5.5.7.3.2
    extendedKeyUsage = 1.3.6.1.5.5.7.3.1
This is the way GoDaddy rocks out.
Every year I suffer through hours of self-abnegation trying to re-issue certificates for a dozen F/OSS applications that all have little caveats --- This year I'm writing that shit down >:}
~BAS