View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000356 | Main CAcert Website | certificate issuing | public | 2006-11-15 02:03 | 2021-01-31 11:41 |
| Reporter | Sourcerer | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | confirmed | Resolution | open | ||
| Summary | 0000356: X509v3 Authority Key Identifier | ||||
| Description | Those who need to trust my certificate claims it is required - otherwise their "proxy server" will not accept it They say: On a signed certificate, running "openssl x509 -noout -text -in some.cert" somewhere in the output the following shold appear : " X509v3 extensions: X509v3 Authority Key Identifier: keyid:9F:A9:16:E0:C9:FF:92:93:3B:F6:FE:60:BD:F5:13:49:3D:B2:3B:B1" That section is not in my cacert issued server certificate. | ||||
| Tags | baseline requirements, certificates, signer | ||||
| Reviewed by | |||||
| Test Instructions | |||||
|
|
It appears to be related to the OpenSSL conf item: authorityKeyIdentifier = keyid,issuer:always |
|
|
This is still true in 2021, the extension is required by CAB Forum BR too and should be added to the signer configuration for all end entity certificates. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2006-11-15 02:03 | Sourcerer | New Issue | |
| 2006-11-15 02:10 | navy | Note Added: 0000710 | |
| 2020-12-21 19:05 | jandd | Tag Attached: signer | |
| 2021-01-31 11:40 | jandd | Assigned To | => jandd |
| 2021-01-31 11:40 | jandd | Status | new => confirmed |
| 2021-01-31 11:40 | jandd | Note Added: 0005951 | |
| 2021-01-31 11:40 | jandd | Tag Attached: certificates | |
| 2021-01-31 11:40 | jandd | Tag Attached: baseline requirements | |
| 2021-01-31 11:41 | jandd | Assigned To | jandd => |
