On Tue, Sep 05, 2017 at 12:16:47PM +0200, Christoph Berg wrote: > My guess is that the new-style certificates are missing some > attributes: > > Old certificate from 2015: > > X509v3 extensions: > X509v3 Basic Constraints: critical > CA:FALSE > X509v3 Key Usage: critical > Digital Signature, Key Encipherment, Key Agreement > X509v3 Extended Key Usage: > TLS Web Client Authentication > > New certificate from this week: > > X509v3 extensions: > X509v3 Subject Alternative Name: > email:myon@debian.org > X509v3 Basic Constraints: critical > CA:FALSE > > I'll see if I can add that. I should have managed to do it, but chrome still doesn't seem to like it. Can you generate a new certificate and see if you still find differences? Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
Attachment:
signature.asc
Description: PGP signature