Adding CA Signing CSR Extension - dogtagpki/pki GitHub Wiki

By default CA signing CSR will have the following extensions:

basic constraints
key usage

An extension can be added to the subordinate CA’s signing CSR during installation.

For example, to add a Microsoft’s Subordinate CA extension, specify the following parameters in the subordinate CA’s deployment configuration:

pki_req_ext_add=True
pki_req_ext_oid=1.3.6.1.4.1.311.20.2
pki_req_ext_data=1E0A00530075006200430041
pki_req_ext_critical=False

See Also

Tip	To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.

⚠️ GitHub.com Fallback ⚠️