In a previous topic, there was a discussion about the "Extended Key Usage" field that was left blank by certgen, when generating a CSR:
Since we know in advance that the certificate will be used for both server and client authentication, why don't you directly put this value by default?
I had the problem with my PKI team that fills the field with "Server authentication" by default when the field is blank.
This is a good question. certgen is meant for use to generate certificates and keys for other components of the Elastic stack, which would only need client authentication as the key usage. I think we will definitely consider having this be auto populated as no EKU implies the key can be used for anything vs just client and server authentication.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.