View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000356 | Main CAcert Website | certificate issuing | public | 2006-11-15 02:03 | 2021-01-31 11:41 |
Reporter | Sourcerer | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | always |
Status | confirmed | Resolution | open | ||
Summary | 0000356: X509v3 Authority Key Identifier | ||||
Description | Those who need to trust my certificate claims it is required - otherwise their "proxy server" will not accept it They say: On a signed certificate, running "openssl x509 -noout -text -in some.cert" somewhere in the output the following shold appear : " X509v3 extensions: X509v3 Authority Key Identifier: keyid:9F:A9:16:E0:C9:FF:92:93:3B:F6:FE:60:BD:F5:13:49:3D:B2:3B:B1" That section is not in my cacert issued server certificate. | ||||
Tags | baseline requirements, certificates, signer | ||||
Reviewed by | |||||
Test Instructions | |||||
|
It appears to be related to the OpenSSL conf item: authorityKeyIdentifier = keyid,issuer:always |
|
This is still true in 2021, the extension is required by CAB Forum BR too and should be added to the signer configuration for all end entity certificates. |
Date Modified | Username | Field | Change |
---|---|---|---|
2006-11-15 02:03 | Sourcerer | New Issue | |
2006-11-15 02:10 | navy | Note Added: 0000710 | |
2020-12-21 19:05 | jandd | Tag Attached: signer | |
2021-01-31 11:40 | jandd | Assigned To | => jandd |
2021-01-31 11:40 | jandd | Status | new => confirmed |
2021-01-31 11:40 | jandd | Note Added: 0005951 | |
2021-01-31 11:40 | jandd | Tag Attached: certificates | |
2021-01-31 11:40 | jandd | Tag Attached: baseline requirements | |
2021-01-31 11:41 | jandd | Assigned To | jandd => |