On Thu, May 23, 2019 at 1:17 AM Gregory Sloop <[email protected]> wrote:
>
> I am using certtool to create some certificates and keys.
> These certs and keys will be used on Windows systems - and I've run into some
> confusion.
>
> As far as I can tell, MS [and Cisco and others] expect the OID
> 1.3.6.1.5.5.7.3.1 to be a "server" certificate.
>
> However, from the GNUTLS docs for certtool, I see this:
>
> # Whether this certificate will be used for a TLS client;
> # this sets the id-kp-serverAuth (1.3.6.1.5.5.7.3.1) of
> # extended key usage.
> tls_www_client
>
> # Whether this certificate will be used for a TLS server;
> # This sets the id-kp-clientAuth (1.3.6.1.5.5.7.3.2) of
> # extended key usage.
> tls_www_server

Hi,
 Thank you for bringing this up. It seems that the comments in the
configuration file are incorrect. Checking the OIDs set by these two
options, they are reversed and match what you mention above.

regards,
Nikos

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
