Certgen and the "Extended Key Usage" field

In a previous topic, there was a discussion about the "Extended Key Usage" field that was left blank by certgen, when generating a CSR:

Since we know in advance that the certificate will be used for both server and client authentication, why don't you directly put this value by default?

I had a problem with my PKI team, which fills the field with "Server authentication" by default when the field is blank.

Thanks in advance for your help!

This is a good question. certgen is meant to be used to generate certificates and keys for other components of the Elastic stack, which would only need client authentication as the key usage. I think we will definitely consider having this be auto-populated, as no EKU implies the key can be used for anything vs. just client and server authentication.


Thank you Jay!
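The blank-EKU case from this thread can be checked before a CSR goes to the PKI team and again when the certificate comes back. The script below is an added example, not part of the original posts and not certgen's own code: it uses the `openssl` CLI as a stand-in for certgen, and the host name, file names and the self-signed "issuer" that adds only `serverAuth` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Host name, file names and the self-signed "issuer" are constructed.

# eku_status KIND FILE -> none | server-only | client-only | both
# KIND is "req" for a CSR or "x509" for an issued certificate.
eku_status() {
    text=$(openssl "$1" -in "$2" -noout -text 2>/dev/null) || { echo unreadable; return 1; }
    server=no; client=no
    case "$text" in *"TLS Web Server Authentication"*) server=yes ;; esac
    case "$text" in *"TLS Web Client Authentication"*) client=yes ;; esac
    case "$server/$client" in
        yes/yes) echo both ;;
        yes/no)  echo server-only ;;
        no/yes)  echo client-only ;;
        *)       echo none ;;
    esac
}

# make_csr DIR NAME [EKU] -> writes DIR/NAME.cnf, DIR/NAME.key and DIR/NAME.csr.
# Without EKU the CSR carries no extendedKeyUsage request (the blank-field case).
make_csr() {
    {
        printf '[req]\ndistinguished_name = dn\nprompt = no\n'
        if [ -n "$3" ]; then printf 'req_extensions = ext\n[ext]\nextendedKeyUsage = %s\n' "$3"; fi
        printf '[dn]\nCN = node01.example.test\n'
    } > "$1/$2.cnf"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# issue_server_only DIR NAME -> DIR/NAME.crt, self-signed with serverAuth only.
# Stand-in for an issuer that fills a blank EKU with "Server authentication".
issue_server_only() {
    printf '[srv]\nextendedKeyUsage = serverAuth\n' > "$1/issuer.cnf"
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 1 \
        -extfile "$1/issuer.cnf" -extensions srv -out "$1/$2.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_csr "$tmp" blank
make_csr "$tmp" both "serverAuth, clientAuth"
issue_server_only "$tmp" blank
echo "blank CSR:             $(eku_status req  "$tmp/blank.csr")"
echo "issued from blank CSR: $(eku_status x509 "$tmp/blank.crt")"
echo "CSR requesting both:   $(eku_status req  "$tmp/both.csr")"
rm -rf "$tmp"
```

Whether an issuer honours the EKU requested in a CSR is a matter of CA policy, so running `eku_status x509` on the returned certificate is the check that matters before deploying it.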
