hussamnasir
commented
6 years ago Pull request https://github.com/GENI-NSF/geni-tools/pull/929 addresses this. The change may have other implication and should be thoroughly investigated before a merge. We aer manually installing this on the Production GENI CH for now
Looking ahead into the future of SSL certificates used in GENI, we want the Non-CA certificates being generated for GENI to have the EKU bit set to serverAuth,clientAuth,timeStamping,emailProtection,codeSigning . The CA on the Server side has been set to EKU=any
Similar issue addressed in the GENI-CH code https://github.com/GENI-NSF/geni-ch/issues/608