Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1139
Views
0
Helpful
2
Replies

extended key usage extension

maller
Level 1
Level 1

‎08-06-2004 12:39 AM - edited ‎07-04-2021 09:52 AM

Hi

I'm trying to generate server certificates and client certificates with extended key usage (EKU)(openssl) but I can't add it to the certificate. The EKU is necessary in order to specify server authentication usage or client authentication usage.

I´ve tried to modify my openssl.cnf file but without success.

Does anybody know how to do it?

thanks

Labels:
0 Helpful
2 Replies 2

sbilgi
Level 5
Level 5

‎08-12-2004 06:02 AM

I think IOS may not be able to understand the EKU.

0 Helpful

michaelr
Cisco Employee
Cisco Employee
In response to sbilgi

‎08-12-2004 06:20 PM

IOS understands the EKU. It is ignored unless the extension is marked critical. The reason I have been given for this is that there is no accepted standard for the contents of the extension so IOS wouldn't know what to accept or reject.

I have read some messages on IETF mailing lists which tend to indicate that use of EKU is discouraged in IKE. It may be used in other cases, though.

michael

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card