[gnutls-help] Server and client OID
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu May 23 21:35:03 CEST 2019
On Thu, May 23, 2019 at 1:17 AM Gregory Sloop <gregs at sloop.net> wrote:
>
> I am using certtool to create some certificates and keys.
> These certs and keys will be used on Windows systems - and I've run into some confusion.
>
> As far as I can tell, MS [and Cisco and others] expect the OID 1.3.6.1.5.5.7.3.1 to be a "server" certificate.
>
> However, from the GNUTLS docs for certtool, I see this:
>
> # Whether this certificate will be used for a TLS client;
> # this sets the id-kp-serverAuth (1.3.6.1.5.5.7.3.1) of
> # extended key usage.
> tls_www_client
>
> # Whether this certificate will be used for a TLS server;
> # This sets the id-kp-clientAuth (1.3.6.1.5.5.7.3.2) of
> # extended key usage.
> tls_www_server
Hi,
Thank you for bringing this up. It seems that the comments in the
configuration file are incorrect. Checking the OIDs set by these two
options, they are reversed and match what you mention above.
regards,
Nikos
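An added example, not part of the thread and not GnuTLS code: a standard-library Python decoder for a single DER-encoded extendedKeyUsage extension, useful for confirming which key purpose a generated certificate actually carries instead of relying on the template comments. The function names and the sample bytes are constructed for illustration; the option-to-OID mapping follows the reply above.

```python
# Added example: decode one DER Extension and list its extended key usage OIDs.
EKU_EXT = "2.5.29.37"  # id-ce-extKeyUsage
KEY_PURPOSES = {
    "1.3.6.1.5.5.7.3.1": "id-kp-serverAuth (certtool: tls_www_server)",
    "1.3.6.1.5.5.7.3.2": "id-kp-clientAuth (certtool: tls_www_client)",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        yield tag, value

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first byte packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def eku_purposes(extension_der):
    """Extension ::= SEQUENCE { extnID, [critical], extnValue }."""
    tag, ext, _ = read_tlv(extension_der, 0)
    fields = list(children(ext))
    if tag != 0x30 or not fields or decode_oid(fields[0][1]) != EKU_EXT:
        raise ValueError("not an extendedKeyUsage extension")
    _, seq, _ = read_tlv(fields[-1][1], 0)  # OCTET STRING wraps SEQUENCE OF OID
    oids = [decode_oid(v) for t, v in children(seq) if t == 0x06]
    return [KEY_PURPOSES.get(o, o) for o in oids]

# Constructed sample: the extension expected from a template with only tls_www_server.
SAMPLE = bytes.fromhex("30130603551d25040c300a06082b06010505070301")
print(eku_purposes(SAMPLE))
```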