From 61ccaa31abde9f087ca9f0dd5003dbb20ef444d6 Mon Sep 17 00:00:00 2001 From: Reinhard Urban Date: Mon, 7 Aug 2023 09:48:50 +0200 Subject: [PATCH] no ExtKeyUsageServerAuth with -client client and server auth extensions don't mix together well, esp. on windows Server 10. --- cert.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cert.go b/cert.go index 4ce36ccf..ef306710 100644 --- a/cert.go +++ b/cert.go @@ -87,8 +87,7 @@ func (m *mkcert) makeCert(hosts []string) { if m.client { tpl.ExtKeyUsage = append(tpl.ExtKeyUsage, x509.ExtKeyUsageClientAuth) - } - if len(tpl.IPAddresses) > 0 || len(tpl.DNSNames) > 0 || len(tpl.URIs) > 0 { + } else if len(tpl.IPAddresses) > 0 || len(tpl.DNSNames) > 0 || len(tpl.URIs) > 0 { tpl.ExtKeyUsage = append(tpl.ExtKeyUsage, x509.ExtKeyUsageServerAuth) } if len(tpl.EmailAddresses) > 0 {