Hello, what is best practice regarding including the 'Extended Key Usage' field for Server authentication within the public cert of a root CA ? i.e. should it be a golden rule for all root CA public certificates to includes this EKU Server Authentication
field ?
My situation is that our company has it's own internal root CA server but the EKU 'Server Authentication' field is missing from the public cert. This is causing problems with a third party authentication server I am configuring as it expects to see this EKU
field. It throws the error message 'Lowest cert does not have server authentication EKU, assuming this is not server cert.'
Is it easy enough to add this EKU field to the public certificate of our root CA ?
Thank you for any comments.