Yes, "TLS Web Client Authentication" I put also, tried different user certs, but all failed to connect. On Wed, Dec 11, 2013 at 5:22 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: > On Wed, Dec 11, 2013 at 9:58 AM, Karl <weeker at outlook.com> wrote: >> If it only have digital signature flag, iOS client will complain error >> like: "EKU not found", "CERTIFICATE_ERROR_VERIFY_KEYUSAGE_FAILED:The >> certificate did not contain the required Key Usages", after added the >> other flags, no more errors like these. > > So I guess iOS requires the "TLS Web Client Authentication" as well > (the other flags you mentioned are really unrelated). That's > interesting as the client isn't using the certificate for web > authentication (but rather for VPN). Nevertheless, it's nice to know > there are more implementations that enforce the certificate flags. > > regards, > Nikos
