Missing Extended Key Usage

[efa2d19]

Environment

• Operating system (including version): MacOS 13.1
• mkcert version (from mkcert -version): v1.4.4
• Server (where the certificate is loaded): Locally
• Client (e.g. browser, CLI tool, or script): Proxyman

What you did

• mkcert -install
• added root ca to Proxyman
• launched Proxyman

What went wrong

Basically nothing, everything still works fine, but Proxyman always throws an error in my face at launch

It turns out that EKU is required for MacOS ≥10.15 link to apple article

[lublak]

@drugsosos i think only ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, should also work.
Based on this description: TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.

[goldstar611]

I think you just skipped a step of generating a leaf cert after you generated the CA cert because it kind of looks like you're using your root CA as your server certificate.

You'll find x509.ExtKeyUsageServerAuth in both makeCert and makeCertFromCSR