Fatal error: Key usage violation in certificate has been detected

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Sat Oct 24 03:11:42 CEST 2009


Daniel Kahn Gillmor wrote:

>> And if it is the case (and I think that it IS the case), which possible
>> workarounds exist ?
> 
> Maybe there's a GnuTLS priority string you can set to disable usage flag
> checking as a workaround?  if there is, i couldn't find it here:
> 
>  http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#gnutls_priority_set
> 
> seems like they should really use a certificate with the right usage
> flags set, though.

I can see that the certificate allows:
            X509v3 Key Usage:
                Key Encipherment

and that means it will issue key usage violation for all ciphersuites
except for RSA (not even DHE-RSA, just RSA). Thus the server sending
this certificate must be configured to disable all other ciphersuites.

regards,
Nikos
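
Added example, not part of the original message and not GnuTLS code: it decodes a KeyUsage BIT STRING and reports which TLS key exchanges an RSA server certificate may be used for under RFC 5246 section 7.4.2, which is the rule behind the violation discussed above. The DER bytes and the suite list are constructed samples, and all function names are hypothetical.

```python
# Added illustration, not GnuTLS code. Bit names follow RFC 5280, 4.2.1.3
# (bit 0 is the most significant bit of the first content byte).
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]

# RFC 5246, 7.4.2: usage bit an RSA server certificate needs per key
# exchange, enforced only when the KeyUsage extension is present.
REQUIRED_USAGE = {"RSA": "keyEncipherment",
                  "DHE_RSA": "digitalSignature",
                  "ECDHE_RSA": "digitalSignature"}

def parse_key_usage(der: bytes) -> set:
    """Decode the DER BIT STRING that is the KeyUsage extension value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("unexpected length octet")
    unused = der[2]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    bits = "".join(f"{b:08b}" for b in der[3:])
    bits = bits[:len(bits) - unused]
    return {name for name, bit in zip(KEY_USAGE_BITS, bits) if bit == "1"}

def allowed_key_exchanges(usage):
    """usage=None means the certificate carries no KeyUsage extension."""
    if usage is None:
        return sorted(REQUIRED_USAGE)
    return sorted(kx for kx, need in REQUIRED_USAGE.items() if need in usage)

def violating_suites(suites, usage):
    """Return the suites whose key exchange the certificate's usage forbids."""
    ok = allowed_key_exchanges(usage)
    bad = []
    for name in suites:
        kx = name[len("TLS_"):name.index("_WITH_")]
        if kx in REQUIRED_USAGE and kx not in ok:
            bad.append(name)
    return bad

# Constructed sample: BIT STRING with only keyEncipherment set (bit 2).
SAMPLE_KEY_USAGE = bytes.fromhex("03020520")
SAMPLE_SUITES = ["TLS_RSA_WITH_AES_128_CBC_SHA",
                 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]

if __name__ == "__main__":
    usage = parse_key_usage(SAMPLE_KEY_USAGE)
    print(sorted(usage), allowed_key_exchanges(usage))
    print("would violate key usage:", violating_suites(SAMPLE_SUITES, usage))
```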





More information about the Gnutls-devel mailing list