Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-4309

Do not include "Digital Signature" by default in key usage options for built-in CA profiles

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Critical
    • Resolution: Not needed to fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: PKI core
    • Issue discovered during:
      Integration

      Description

      Currently (version 6.3.2) the built-in root and sub CA certificate profiles we ship include the "Digital Signature" key usage by default (i.e. the option is enabled).

      So far, beyond testing, I have never encountered a customer that required this key usage to be enabled for a CA. I.e. I have had to disable it every single time.

      Unless there is some specific reason on why this key usage should be enabled by default in these profiles (backwards compatibility?), I would suggest to remove it so the template would resemble real-world situation more closely.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            branko Branko Majic (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: