Drop use of deprecated nsCertType

katello-certs-sign

@@ -149,7 +149,6 @@ emailAddress		= optional
 [ usr_cert ]
 basicConstraints = CA:false
 extendedKeyUsage = serverAuth,clientAuth
-nsCertType = server
 keyUsage = digitalSignature, keyEncipherment
 
 # PKIX recommendations harmless if included in all certificates.

katello_certs_tools/sslToolConfig.py

@@ -369,23 +369,20 @@ def figureDEFS_distinguishing(options):
 basicConstraints = CA:true
 keyUsage = digitalSignature, keyEncipherment, keyCertSign, cRLSign
 extendedKeyUsage = serverAuth, clientAuth
-nsCertType = server, sslCA
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 
 [ req_server_x509_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature, keyEncipherment
 extendedKeyUsage = serverAuth, clientAuth
-nsCertType = server
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 
 [ req_client_x509_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature, keyEncipherment
 extendedKeyUsage = serverAuth, clientAuth
-nsCertType = client
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 #===========================================================================
@@ -411,7 +408,6 @@ def figureDEFS_distinguishing(options):
 basicConstraints = CA:false
 keyUsage = digitalSignature, keyEncipherment
 extendedKeyUsage = serverAuth, clientAuth
-nsCertType = %s
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid, issuer:always
 
@@ -709,7 +705,7 @@ def save(self, d, caYN=0, verbosity=0):
               )
         else:
             openssl_cnf = CONF_TEMPLATE_SERVER \
-              % (gen_req_distinguished_name(rdn), d['--purpose'],  gen_req_alt_names(d, rdn['CN']))
+              % (gen_req_distinguished_name(rdn), gen_req_alt_names(d, rdn['CN']))
 
         try:
             rotated = rotateFile(filepath=self.filename, verbosity=verbosity)