Create a certificate with key usage server authentication only

I want to know if it is possible to generate a certificate with enhanced key usage = server authentication only. By default, this field is server authentication and client authentication.

My domain is:
commandjrmain.usgoviowa.cloudapp.usgovcloudapi.net

I ran this command:

DOMAIN="commandjrmain.usgoviowa.cloudapp.usgovcloudapi.net"
CA_AUTHORITY="https://acme-v02.api.letsencrypt.org/directory"

# Request a certificate with the Cloudflare DNS plugin
sudo docker run -it --rm --name certbot \
  -v "$HOME/certbot/etc/letsencrypt:/etc/letsencrypt" \
  -v "$HOME/certbot/var/lib/letsencrypt:/var/lib/letsencrypt" \
  -v "$HOME/certbot/.secrets/certbot:/secrets/certbot" \
  certbot/dns-cloudflare certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials /secrets/certbot/cloudflare.ini \
  -d "$DOMAIN" \
  --server "$CA_AUTHORITY"

The operating system my web server runs on is (include version):
Windows Server 2016

Hi @phalcon30964,

Unfortunately it is not possible. The Let's Encrypt CA software chooses the Extended Key Usage (EKU) for the issued certificate, not the ACME client software.

If you need more control over the EKU you probably need to consider using an internal PKI.

2 Likes
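
The internal-PKI route suggested in the reply above, as an added example that is not part of the original thread or of Let's Encrypt's tooling: a throwaway OpenSSL CA signs a leaf whose EKU is `serverAuth` only, and the result is checked with `openssl verify -purpose`. The function names, the CA name "Example Internal CA", the file names and the 30-day lifetimes are assumptions made for the demo; it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example: throwaway internal CA issuing a serverAuth-only leaf.
# The CA name, file names and 30-day lifetimes are constructed for the demo.

issue_server_only_cert() {
    domain=$1; dir=$2
    mkdir -p "$dir" || return 1

    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    # Extensions for the leaf: the CA, not the requester, decides the EKU.
    cat > "$dir/leaf.ext" <<EOF
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$domain
EOF

    # 1. Self-signed root.  2. Leaf key + CSR.  3. CA signs with leaf.ext.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/ca.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=$domain" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -days 30 -sha256 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/leaf.ext" -out "$dir/leaf.pem" 2>/dev/null || return 1
}

# Print the usages listed in a certificate's Extended Key Usage extension.
show_eku() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 "Extended Key Usage" | tail -n 1 | sed 's/^ *//'
}

# Succeeds only if the leaf chains to the CA and is valid for the purpose
# given as the third argument (sslserver or sslclient).
purpose_ok() {
    openssl verify -purpose "$3" -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Clients and servers only trust such a certificate if the internal root (`ca.pem` here) is installed in their trust stores.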
