weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Add Key Encipherment bit to Key Usage extension

Browse Source 
Google Chrome rejects the certificate for SSL connections if the Key Usage extension does not include the keyEncipherment purpose.
This commit is contained in:
Tim 2018-04-17 16:25:10 -07:00 committed by GitHub
parent 63494398b0
commit 54067d5446
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/issuer/ca/issue.go
View File

@ -110,7 +110,7 @@ func createCertificateTemplate(publicKey interface{}, commonName string, altName
NotBefore: time.Now(),
NotAfter: time.Now().Add(certificateDuration),
// see http://golang.org/pkg/crypto/x509/#KeyUsage
KeyUsage: x509.KeyUsageDigitalSignature,
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
DNSNames: altNames,
}
return cert, nil