Add serverAuth EKU to client certs for Service Mesh mTLS setups

2025-10-13 16:31:41 +08:00 · 2019-06-17 11:22:04 +02:00
parent ff17118210
commit 574ea52743
1 changed files with 1 additions and 1 deletions
--- a/cert.go
+++ b/cert.go
@@ -80,7 +80,7 @@ func (m *mkcert) makeCert(hosts []string) {
 	}

 	if m.client {
-		tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
+		tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}
 	} else if len(tpl.IPAddresses) > 0 || len(tpl.DNSNames) > 0 {
 		tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
 	}