From 32b4722ccac739d85311b776e2e1175f8770fc18 Mon Sep 17 00:00:00 2001 From: jonathan vanasco Date: Thu, 19 Jun 2025 18:23:17 -0400 Subject: [PATCH] drop ClientAuth from EKU --- main.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.go b/main.go index 591bf4f..ffbc2d0 100644 --- a/main.go +++ b/main.go @@ -173,7 +173,7 @@ func makeRootCert(key crypto.Signer, filename string) (*x509.Certificate, error) SubjectKeyId: skid, AuthorityKeyId: skid, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, IsCA: true, MaxPathLenZero: true, @@ -281,7 +281,7 @@ func sign(iss *issuer, domains []string, ipAddresses []string, alg x509.PublicKe NotAfter: time.Now().AddDate(2, 0, 30), KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, IsCA: false, }