search cancel

Error: "Extended Key Usage information is present and it indicates that the certificate does not support client authentication" when installing SSL certificates

book

Article ID: 161456

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

When trying to install a self-signed certificate on the advanced tab of the targeted agent settings page you receive the following error:

The Extended Key Usage information is present and it indicates that the certificate does not support client authentication.

Environment

ITMS 8.x

Cause

This error will be shown if you have created your own self-signed certificate with IIS and are not using the one that Symantec creates during installation. When you create a self-signed certificate with IIS the default is only a Server Authentication certificate, the self-signed certificate created by Symantec during installation handles both Server Authentication and Client Authentication. You can see this if you open the certificate with MMC (Microsoft Management Console) and load the certificate snap-in. After opening the certificate click on the details tab and look for the Enhanced Key Usage field and you should see "Client Authentication (1.3.6.1.5.5.7.3.2)" as seen here:

If the certificate does not contain this field you will get the error "The Extended Key Usage information is present and it indicates that the certificate does not support client authentication".

Resolution

Use the self-signed certificate that was created with the installation of the ITMS or create a new certificate with the appropriate fields.

 

 

 

 

Additional Information

Error: "Extended Key Usage information is absent or it indicates that the certificate does not support server authentication" when installing SSL certificates

Attachments