[stunnel-users] stunnel.cnf should set keyUsage = keyCertSign
delaage.pierre at free.fr
Tue Mar 11 08:34:55 CET 2014
More precisely : that option should be set on the machine that has
generated the certificate : probably not your "client" one...
but a kind of CA server somewhere...
Not related at all to stunnel.
You should subscribe to openssl mailing lists here :
Le 11/03/2014 05:31, Athir Nuaimi a écrit :
> I'm trying to write a go program to connect to an stunnel server and
> verify the certificate but it fails because the go language requires
> that self-signed certs have keyCertSign set in the keyUsages. the
> default stunnel.cnf does not set this. According to the following
> message thread this is required by RFC 5280.
> The solution to this is to add 'keyUsage = keyCertSign' to the
> stunnel-users mailing list
> stunnel-users at stunnel.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the stunnel-users