Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7547

Allow OCSP KeyBinding certificate without Key Usage

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.0.0
    • Component/s: None
    • Labels:
      None
    • Issue discovered during:
      Community
    • Sprint:
      EJBCA Team Bob - 2018 w48

      Description

      OCSP signing certificates can be without Key Usage extension completely according to RFC5280, it's optional.

       
      From RFC 5280, "4.2.1.3.  Key Usage":

       Conforming CAs MUST include this extension in certificates that
         contain public keys that are used to validate digital signatures on
         other public key certificates or CRLs.

        Attachments

          Activity

            People

            Assignee:
            tomas Tomas Gustavsson
            Reporter:
            tomas Tomas Gustavsson
            Verified by:
            Ulf Undmark
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 30 minutes
                30m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 30 minutes
                30m