Align extendedKeyUsage to the intended type for server and client

Katello · Aug 27, 2024 · 589785e · 589785e
1 parent 8e47fe0
commit 589785e
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/katello_certs_tools/sslToolConfig.py b/katello_certs_tools/sslToolConfig.py
@@ -375,14 +375,14 @@ def figureDEFS_distinguishing(options):
 [ req_server_x509_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth, clientAuth
+extendedKeyUsage = serverAuth
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 
 [ req_client_x509_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth, clientAuth
+extendedKeyUsage = clientAuth
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 #===========================================================================
@@ -407,7 +407,7 @@ def figureDEFS_distinguishing(options):
 [ req_server_x509_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth, clientAuth
+extendedKeyUsage = serverAuth
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always