Add EKU to CSR using Keytool?
-
25-09-2019 - |
Question
How can I add the "Server Authentication" EKU to a CSR or private key using Keytool?
Here is what i'm doing:
- Generate key-pair with ">Keytool -genseckey -dname="CN="my.server.com" ...
- Generate CSR using the key-pair created in step #1.
- Submitting the CSR to a Windows Enterprise CA, asking for a Web Server cert.
The CA rejects the CSR with "The certificate is not valid for the requested usage.". How can I add the "requested usage" using keytool so that the CA will issue the cert?
Solution
You can do this only with the JDK7 or later version of keytool. OpenJDK 7 should have this version.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow