Hello list,
For the past 6 hours, I have not made any iota of progress towards getting this
to work. The certificate chain is Root CA > Intermediate CA > Client and Server
cert. The openssl x509 -text outputs for the CA's are included in E-Mail
attachments.
postconf -n
postconf: warning: /etc
> Sent: Wednesday, September 29, 2021 at 8:25 AM
> From: "Bugz Bunny"
> To: postfix-users@postfix.org
> Subject: Client certification verifications fails with not designated for use
> as a CA certificate
Sorry, forgot to include that I am testing this configuration
> Sent: Wednesday, September 29, 2021 at 10:45 AM
> From: "raf"
> To: postfix-users@postfix.org
> Subject: Re: Client certification verifications fails with not designated for
> use as a CA certificate
>
> On Wed, Sep 29, 2021 at 02:25:16PM +0200, Bugz Bu
> Sent: Wednesday, September 29, 2021 at 11:18 AM
> From: "Viktor Dukhovni"
> To: postfix-users@postfix.org
> Subject: Re: Client certification verifications fails with not designated for
> use as a CA certificate
> [...]
>
>
> Please don't just make stuff up, this helps noone. The reported
> er
> The last of these indicates that "LHP MX CA V1" lacks the proper
> extensions to be an X.509v3 CA for issuing TLS client certificates. The
> underlying error from OpenSSL is "X509_V_ERR_INVALID_PURPOSE".
>
> The CA's extended key usage almost certainly specifies only "serverAuth"
> and not also
