Fixed makecerts.py script to specify extended key usage

2 files changed, 4 insertions, 4 deletions

diff --git a/certs/makecerts.py b/certs/makecerts.py
index 2d3008d10d6..8287904ec83 100755
--- a/certs/makecerts.py
+++ b/certs/makecerts.py
@@ -95,7 +95,7 @@ factory.getCA().save("cacert.pem").save("cacert.der")
 #
 # Client certificate
 #
-client = factory.create("client")
+client = factory.create("client", extendedKeyUsage="clientAuth")
 client.save("client.p12")
 
 #
@@ -103,7 +103,7 @@ client.save("client.p12")
 #
 # NOTE: server.pem is used by scripts/TestController.py
 #
-server = factory.create("server", cn = (dns if usedns else ip), ip=ip, dns=dns)
+server = factory.create("server", cn = (dns if usedns else ip), ip=ip, dns=dns, extendedKeyUsage="serverAuth,clientAuth")
 server.save("server.p12").save("server.pem")
 
 try:
diff --git a/cpp/test/IceSSL/certs/makecerts.py b/cpp/test/IceSSL/certs/makecerts.py
index 872d018fda7..34e94045219 100755
--- a/cpp/test/IceSSL/certs/makecerts.py
+++ b/cpp/test/IceSSL/certs/makecerts.py
@@ -124,7 +124,7 @@ certs = [
 #
 for (ca, alias, args) in certs:
     if not ca.get(alias):
-        ca.create(alias, **args)
+        ca.create(alias, extendedKeyUsages="clientAuth" if alias.startswith("c_") else "serverAuth", **args)
 
 savecerts = [
     (ca1, "s_rsa_ca1",     None,              {}),
@@ -171,7 +171,7 @@ for (ca, alias, path, args) in savecerts:
 for size in [512, 1024]:
     dhparams = "dh_params{0}.der".format(size)
     if clean or not os.path.exists(dhparams):
-        ca1.run("openssl dhparam -outform=DER -out={0} {1}".format(dhparams, size))
+        ca1.run("openssl dhparam -outform DER -out {0} {1}".format(dhparams, size))
 
 #
 # Create certificate with custom extensions