View Issue Details

IDProjectCategoryView StatusLast Update
0000356Main CAcert Websitecertificate issuingpublic2021-01-31 11:41
ReporterSourcerer Assigned To 
Status confirmedResolutionopen 
Summary0000356: X509v3 Authority Key Identifier
DescriptionThose who need to trust my certificate claims it is required - otherwise their "proxy server" will not accept it
They say: On a signed certificate, running "openssl x509 -noout -text -in some.cert" somewhere in the output the following shold appear : "
X509v3 extensions:
            X509v3 Authority Key Identifier: keyid:9F:A9:16:E0:C9:FF:92:93:3B:F6:FE:60:BD:F5:13:49:3D:B2:3B:B1"
That section is not in my cacert issued server certificate.
Tagsbaseline requirements, certificates, signer
Reviewed by
Test Instructions



2006-11-15 02:10

reporter   ~0000710

It appears to be related to the OpenSSL conf item:
authorityKeyIdentifier = keyid,issuer:always


2021-01-31 11:40

administrator   ~0005951

This is still true in 2021, the extension is required by CAB Forum BR too and should be added to the signer configuration for all end entity certificates.

Issue History

Date Modified Username Field Change
2006-11-15 02:03 Sourcerer New Issue
2006-11-15 02:10 navy Note Added: 0000710
2020-12-21 19:05 jandd Tag Attached: signer
2021-01-31 11:40 jandd Assigned To => jandd
2021-01-31 11:40 jandd Status new => confirmed
2021-01-31 11:40 jandd Note Added: 0005951
2021-01-31 11:40 jandd Tag Attached: certificates
2021-01-31 11:40 jandd Tag Attached: baseline requirements
2021-01-31 11:41 jandd Assigned To jandd =>