Use a self-signed certificate

[justlucknb]

What is not working as expected?

Currently, I am unable to use any of the providers offered in your utility. I can only use self-signed certificates and add them to signingkeys.json. However, I keep encountering different errors each time I try, such as:

Error: certificate-chain is invalid, certificate with subject "": extended key usage must not contain ServerAuth eku (mkcert/openssl tools)

Crypto/Rsa: verification error (certs from vault)

Could someone help me generate a certificate that will pass validation with this utility? Alternatively, if it's possible to increase the validity period of the generate-test certificate, that would also be helpful.

Thank you in advance!

What did you expect to happen?

Use self-signed certificates normally

How can we reproduce it?

Mkcert
Openssl generate

Describe your environment

Zsh

What is the version of your Notation CLI or Notation Library?

notation version 0.10.0-alpha.3

[FeynmanZhou]

Hi @justlucknb , where did you store the generated key and cert? Is there a key management system like HashiCorp Vault?