Ping a Specific Port

Question

Roman Dmitrienko

Asked: 2017-02-16 10:51:53 +0800 CST2017-02-16 10:51:53 +0800 CST 2017-02-16 10:51:53 +0800 CST

Are there any CAs that can issue SSL certificates with extra EKUs?

772

I need an SSL certificate with a few extra uncommon EKUs (i.e. 1.3.6.1.5.5.8.2.2, "IPSec Intermediate System Usage"). Self-signed certificate is not an option. Does anybody know about any CAs that allow additional EKUs? I contacted Namecheap, Comodo and Godaddy, and all of them replied that they cannot issue one.

1 Answers

Voted

mat · Answer 1 · 2017-06-20T01:55:26+08:00

Best Answer

mat

2017-06-20T01:55:26+08:002017-06-20T01:55:26+08:00

The Baseline Requirements from the CA/Browser Forum are rather strict about inceluding extendedKeyUsage values in a certificate which are non-standard. While it is not completely forbidden, the wording is such, that a CA will usually want to avoid the hassle (see section 7.1.2.4).

Some Root Stores (Microsoft) even require of CAs to explicitely state all possible EKU values in advance, that a root or intermediate certificate might sign.

1

Are there any CAs that can issue SSL certificates with extra EKUs?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?