I generated CSRs using the web gui to send to our CA, to replace new device certs. The new certs came back without the client-auth Extended Key Usage attribute set. The documentation is quite clear that it must be, so it's my fault for not communicating that to the CA. But if the CSR had included that EKU in the Requested Extensions, then I wouldn't have had to remember (at least, if my CA honored the request...)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.