[Pki-users] enabling key usage extension in caRouterCert
Akshath Hegde
arhsagar at gmail.com
Fri Jan 17 14:50:31 UTC 2020
Hi,
I'm trying to enroll my router with dogtag CA through scep. On router I
have 2 different rsa keypairs, one of which is to be used onyl for signing
and the other for key encipherment. The router sends scep requests for each
of these keys and 2 certificates are expected at the end. I need the key
usage extension from the server for this. I need some help in editing the
profile for this. I tried editing caRouterCert.cfg file with different
values for defaults and constraints, but I couldnt see how to get the final
cert o have just what was in the request. If I put default as true for
both, then both of them would be in the cert request in both requests sent
by router, and when its false none would be there. Any help regarding how
to achieve this would be greatly appreciated
Thanks
Akshath
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20200117/0f33f8ee/attachment.htm>
More information about the Pki-users
mailing list