[stunnel-users] stunnel.cnf should set keyUsage = keyCertSign

Athir Nuaimi athir at nuaimi.com
Tue Mar 11 05:31:01 CET 2014

I'm trying to write a go program to connect to an stunnel server and verify
the certificate but it fails because the go language requires that
self-signed certs have keyCertSign set in the keyUsages.  the default
stunnel.cnf does not set this.  According to the following message thread
this is required by RFC 5280.


The solution to this is to add 'keyUsage = keyCertSign' to the stunnel.cnf.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20140311/9ea277d9/attachment.html>

More information about the stunnel-users mailing list