OpenStack Docs: Octavia Certificate Configuration Guide

Root CA configuration file — OpenSSL Certificate Authority

    # See the POLICY FORMAT section of the `ca` man page.
    countryName = optional
    stateOrProvinceName = optional
    localityName = optional
    organizationName = optional
    organizationalUnitName = optional
    commonName = supplied
    emailAddress = optional

    [ req ]
    # Options for the `req` tool (`man req`).
    default_bits = 2048
    distinguished_name = req

linux - Certificate with Extended Key Usage only works in

    openssl x509 -req -days 3650 -in san_domain_com.csr -signkey san_domain_com.key -out san_domain_com.crt -extensions v3_req -extensions mysection -extfile openssl.cnf

The result is that my certificate contains the multiple domains but not the extended key usage for serverauth and clientauth; also, my website is only accessible from Firefox.

Re: [Openvpn-users] generating Self signed nsCertType=server

Are you not using openssl to sign the
> >> certificate?
> > The CA does not need 'server' or 'client' extensions, no, just the certs
> > issued to endpoints you wish to use with TLS client or TLS server roles.
> > Also note that nsCertType is a vendor-specific attribute that is all-but-
> > deprecated in favor of the clientAuth and serverAuth

    apt-get install libengine-pkcs11-openssl
    apt install gnutls-bin

Setting up your Root CA.

    # Extensions for server certificates (`man x509v3_config`).
    basicConstraints = CA:FALSE
    nsCertType = server
    nsComment = "OpenSSL Generated Server Certificate"
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid,issuer:always
    keyUsage = critical

May 27, 2020 [ZyWALL/USG] How to set up certificate authentication for

OpenSSL v3 certificate generation method and configuration file_Server Applications_Linux公社-Linux …

Create your own S/MIME email certificates with Openssl

Copy the openssl.cnf file to openssl-users.cnf, open the new file in a text editor and, in the [ usr_cert ] section, change nsCertType as follows:

    # nsCertType = server        # <---- comment out this line
    nsCertType = client, email   # <---- un-comment this line

Create the root pair — OpenSSL Certificate Authority

    # cd /root/ca
    # openssl req -config openssl.cnf \
          -key private/ca.key.pem \
          -new -x509 -days 7300 -sha256 -extensions v3_ca \
          -out certs/ca.cert.pem

    Enter pass phrase for ca.key.pem: secretpassword
    You are about to be asked to enter information that will be incorporated
    into your certificate request.

How to generate x509v3 Extensions in the End user

    [ usr_cert ]
    basicConstraints=CA:FALSE
    nsCertType = client, server, email
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
    nsComment = "OpenSSL Generated Certificate"
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid,issuer

Create san certificate | openssl generate csr with san