-
Type: Bug
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: manual
-
Labels:None
It is possible to use a single x509 certificate for both member authentication and x.509 client authentication. To do so, obtain a certificate with both clientAuth and serverAuth (i.e. “TLS Web Client Authentication” and “TLS Web Server Authentication”) specified as Extended Key Usage (EKU) values, or simply do not specify any EKU values. Provide this file as the the --sslPEMKeyFile and omit the --sslClusterFile option described below.
It is very confusing, as it might sound that we encourage to use the same x509 certificate for both client and server authentication.
- is related to
-
DOCS-4572 Clarify extendedKeyUsage needs of server/client SSL certificates
- Closed