Bug 546154

Summary: yast2-ca-management: extendedKeyUsage "TLS Web Server Authentication"
Product: [openSUSE] openSUSE 11.2 Reporter: Ludwig Nussel <lnussel>
Component: YaST2Assignee: Michael Calmer <mc>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Normal    
Priority: P4 - Low    
Version: Factory   
Target Milestone: Future 11.3   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: screenshot

Description Ludwig Nussel 2009-10-12 12:25:41 UTC 
Created attachment 322057 [details]
screenshot

In order to run a WLAN with e.g. EAP-TLS and Windows clients the cerficates need special values for extendedKeyUsage:
http://support.microsoft.com/kb/814394

It's possible to enter the oids manually in the advanced settings dialog of the yast2 ca management module when creating a certificate request. It refues to sign the certificate request though (see screenshot).

Would be nice if at least signing was possible. Bonus points for offering the values in a drop-down box or something so one doesn't need to look them up every time :-)
Comment 1 Michael Calmer 2009-11-13 11:20:26 UTC 
I got this reproduced.

Here a quick workaround:

go to the "Certificates" tab and click on the button "Add => Server Certificate".

This is doing a request and signing in one task. This is working. 
The seperate tasks, first create a request and than sign it, produces the error above.

I will look into it.
Comment 2 Michael Calmer 2009-11-13 14:06:44 UTC 
Fixed for SP1 and in SVN for Factory.