In a previous topic, there was a discussion about the "Extended Key Usage" field that was left blank by certgen, when generating a CSR:
Since we know in advance that the certificate will be used for both server and client authentication, why don't you directly put this value by default?
I had the problem with my PKI team that fills the field with "Server authentication" by default when the field is blank.
Thanks in advance for your help!
This is a good question. certgen is meant for use to generate certificates and keys for other components of the Elastic stack, which would only need client authentication as the key usage. I think we will definitely consider having this be auto populated as no EKU implies the key can be used for anything vs just client and server authentication.
Thank you Jay!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.