[Help-gnutls] Re: Key usage violation in certificate

Simon Josefsson simon at josefsson.org
Fri Jun 5 13:42:17 CEST 2009


"Roland Winkler" <Roland.Winkler at physik.uni-erlangen.de> writes:

> On Mon Jun 1 2009 Daniel Kahn Gillmor wrote:
>> I've opened https://bugzilla.novell.com/show_bug.cgi?id=508844 to
>> suggest that YaST should behave differently.  Roland, if you can follow
>> up there with more details about how the cert in question was created
>> and how the service was configured, we might be able to prevent this
>> from tripping up other folks in the future.
>
> It's a bit difficult to reconstruct the details.
>
> The certificate was created via YaST on an Open Enterprise Server
> (OES) SP2. The sysadmin told me that these certificates are mainly
> intended for https connections and secure communication of Novell's
> eDirectory service. They are not specifically designed for secure
> SMTP connections that triggered the "key usage violation" problem.

The same concern applies to https/ldaps: if the KeySign key usage isn't
permitted, you can't use DHE ciphersuites.  That seems sub-optimal, but
could be intentional for some strange reason.

/Simon




