I generated CSRs using the web gui to send to our CA, to replace new device certs. The new certs came back without the client-auth Extended Key Usage attribute set. The documentation is quite clear...
RobM
Cirrus
CirrusThanks Anjuli. I've added that link to the doco for our ops team.