[Fedora-directory-users] SOLVED: NSPR "Certificate type not approved for application" error when a TLS-enabled proxy LDAP OpenLDAP server connects to Fedora Directory Server
Michael Ströder
michael at stroeder.com
Tue Apr 15 15:39:28 UTC 2008
Aleksander Adamowski wrote:
> Michael Ströder wrote:
>> Aleksander Adamowski wrote:
>>>
>>> The relevant fields of the OpenLDAP server's certificate are:
>>
>> What about the keyUsage and extendedKeyUsage extensions?
>>
> These aren't present, unfortunately.
IIRC they have to be defined.
Example lines for openssl.cnf:
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
Ciao, Michael.
More information about the Fedora-directory-users
mailing list