From 589785e9982be2d3de97a19283da2e2533217116 Mon Sep 17 00:00:00 2001
From: "Eric D. Helms" <ericdhelms@gmail.com>
Date: Tue, 27 Aug 2024 14:54:24 -0400
Subject: [PATCH] Align extendedKeyUsage to the intended type for server and
 client

---
 katello_certs_tools/sslToolConfig.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/katello_certs_tools/sslToolConfig.py b/katello_certs_tools/sslToolConfig.py
index e5f26f7..af02086 100644
--- a/katello_certs_tools/sslToolConfig.py
+++ b/katello_certs_tools/sslToolConfig.py
@@ -375,14 +375,14 @@ def figureDEFS_distinguishing(options):
 [ req_server_x509_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth, clientAuth
+extendedKeyUsage = serverAuth
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 
 [ req_client_x509_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth, clientAuth
+extendedKeyUsage = clientAuth
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 #===========================================================================
@@ -407,7 +407,7 @@ def figureDEFS_distinguishing(options):
 [ req_server_x509_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth, clientAuth
+extendedKeyUsage = serverAuth
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always