[openssl-users] Key Usage and Extended Key Usage certificate extension values should be required in client authentication

Indunil Rathnayake indunil.uom at gmail.com
Mon Feb 5 02:22:17 UTC 2018

Hi all,

Does anyone know which Key Usage and Extended Key Usage purposes we should
validate in client authentication?

As per the specification in [1]:

   - "Extended Key Usage" is not necessary and is configured in
   addition to or in place of the basic purposes indicated in the key usage
   - "clientAuth" can be configured as "Extended Key Usage", and the Key
   Usage bits that may be consistent with that are "digitalSignature" and/or

But when validating, what are the key usage purposes that should be allowed
and disallowed for client authentication?

[1] https://tools.ietf.org/html/rfc5280#section-

Thanks and Regards


Indunil Rathnayake
Faculty of Information Technology
University of Moratuwa.

Email: indunil.uom at gmail.com | Skype: indu.upeksha | Mobile: (+94)713695179 | Twitter: @indunilUR
LinkedIn: http://lk.linkedin.com/in/indunil | Facebook: https://www.facebook.com/indunilrathnayake80
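
One way to express the validation asked about above, as an added example that is not part of the original post and is not OpenSSL's own code. It assumes the certificate's extensions have already been parsed into name lists (`None` when the extension is absent), uses the key usage bits RFC 5280 lists for id-kp-clientAuth (digitalSignature and/or keyAgreement), and the function name and the two policy switches are hypothetical.

```python
from typing import Iterable, List, Optional

CLIENT_AUTH = "clientAuth"        # id-kp-clientAuth (1.3.6.1.5.5.7.3.2)
ANY_EKU = "anyExtendedKeyUsage"   # 2.5.29.37.0
# Key usage bits RFC 5280 lists as consistent with id-kp-clientAuth.
CLIENT_KU_BITS = frozenset({"digitalSignature", "keyAgreement"})


def client_auth_problems(key_usage: Optional[Iterable[str]],
                         ext_key_usage: Optional[Iterable[str]],
                         require_eku: bool = False,
                         allow_any_eku: bool = False) -> List[str]:
    """Return the reasons to reject a leaf certificate for TLS client auth.

    None means the extension is absent from the certificate. An absent
    extension places no restriction; a present one must permit the use.
    require_eku and allow_any_eku are hypothetical local-policy switches.
    """
    problems = []
    if key_usage is not None:
        bits = set(key_usage)
        if not bits & CLIENT_KU_BITS:
            problems.append("keyUsage present without digitalSignature or keyAgreement")
    if ext_key_usage is None:
        if require_eku:
            problems.append("extendedKeyUsage absent but policy requires clientAuth")
    else:
        purposes = set(ext_key_usage)
        permitted = CLIENT_AUTH in purposes or (allow_any_eku and ANY_EKU in purposes)
        if not permitted:
            problems.append("extendedKeyUsage present without clientAuth")
    return problems


# Constructed sample profiles: (label, keyUsage, extendedKeyUsage)
SAMPLES = [
    ("typical client cert", ["digitalSignature"], ["clientAuth"]),
    ("no usage extensions", None, None),
    ("server-only EKU", ["digitalSignature", "keyEncipherment"], ["serverAuth"]),
    ("CA-style key usage", ["keyCertSign", "cRLSign"], ["clientAuth"]),
    ("encryption-only key", ["keyEncipherment"], None),
]

if __name__ == "__main__":
    for label, ku, eku in SAMPLES:
        reasons = client_auth_problems(ku, eku)
        print(f"{label}: {'accept' if not reasons else 'reject: ' + '; '.join(reasons)}")
```

Both extensions are checked independently: when both are present, each must permit the client-authentication use.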