Adding CA Signing CSR Extension - dogtagpki/pki GitHub Wiki
By default CA signing CSR will have the following extensions:
-
basic constraints
-
key usage
An extension can be added to the subordinate CA’s signing CSR during installation.
For example, to add a Microsoft’s Subordinate CA extension, specify the following parameters in the subordinate CA’s deployment configuration:
pki_req_ext_add=True pki_req_ext_oid=1.3.6.1.4.1.311.20.2 pki_req_ext_data=1E0A00530075006200430041 pki_req_ext_critical=False