scep icon indicating copy to clipboard operation
scep copied to clipboard
verified publisher icon micromdm

Feature Request - Adding Key Attributes to CSR (SCEP Client)

Open brokoler opened this issue 3 years ago • 3 comments

Hello,

I would like to ask if it is possible to add specific Key Usage and Extended Key Usage attributes to the CSR generated by the SCEP client. For example I would like to add the Key Usage option "CRL Sign" and "Certificate Sign".

From my testings following attributes are set with the default CSR generated by the Go SCEP client: grafik

Would be great if the Go SCEP client would add multiple configuration parameters to set the values. As long this is not possible, is the client compatible to a manually generated CSR?

Reason for my request: I'm using Aruba Clearpass as a SCEP server which is working with the client application, but it's not possible to set the Key Usage attributes for clients on my CA itself.

Best regards

brokoler avatar May 05 '22 08:05 brokoler

Alternatively would it be possible to add following parameter?

-existing-csr string path to existing csr, which is used for SCEP request

I only see the option to import an existing private-key

brokoler avatar May 05 '22 11:05 brokoler