Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-8308

Add key usage and extended key usage to OcspKeyBinding CSR

    Details

    • Provenance:
      Ordered by Customer
    • Sprint:
      EJBCA Team Bob - 2019 w24

      Description

      When creating a CSR for an OcspKeyBinding, the CSR does not contain any certificate extensions and attributes which makes it incompatible with MS CA.

      Investigate if we can fix this and create patch compatible with EJBCA 7.1.0.3.

      The following items should be in the CSR created from an OcspKeyBinding (see examples in comments):

      • extendedKeyUsage = ocspSigning
      • keyUsage = digitalSignature
      • id-pkix-ocsp-nocheck
      • subjectKeyIdentifier

      These two items was added in this ticket. Additionally we will also need:

      • Microsoft specific attributes

      This will be done in a follow-up ticket.

      OIDs are documented here: https://support.microsoft.com/en-us/help/287547/object-ids-associated-with-microsoft-cryptography

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              bastianf Bastian Fredriksson
              Reporter:
              bastianf Bastian Fredriksson
              Verified by:
              Samuel Lidén Borell
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 1 hour Original Estimate - 1 hour
                  1h
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 5 hours, 30 minutes
                  5h 30m