[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: Key usage violation in certificate
|
From: |
Simon Josefsson |
|
Subject: |
[Help-gnutls] Re: Key usage violation in certificate |
|
Date: |
Fri, 05 Jun 2009 13:42:17 +0200 |
|
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux) |
"Roland Winkler" <address@hidden> writes:
> On Mon Jun 1 2009 Daniel Kahn Gillmor wrote:
>> I've opened https://bugzilla.novell.com/show_bug.cgi?id=508844 to
>> suggest that YaST should behave differently. Roland, if you can follow
>> up there with more details about how the cert in question was created
>> and how the service was configured, we might be able to prevent this
>> from tripping up other folks in the future.
>
> It's a bit difficult to reconstruct the details.
>
> The certificate was created via YaST on an Open Enterprise Server
> (OES) SP2. The sysadmin told me that these certificates are mainly
> intended for https connections and secure communication of Novell's
> eDirectory service. They are not specifically designed for secure
> SMTP connections that triggered the "key usage violation" problem.
The same concerns applies to https/ldaps: if the KeySign key usage isn't
permitted, you can't use DHE ciphersuites. That seems sub-optimal, but
could be intentional for some strange reason.
/Simon