Project

General

Profile

Feature #2972

how to add X509v3 Key Usage : Key Encipherment

Added by smina would over 1 year ago. Updated over 1 year ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
13.03.2019
Due date:
Estimated time:
Resolution:

Description

Hello,

I allow myself to open this ticket which is neither a bug nor a Feature request. I hope you can help me :)
I would like to add a particular flag in my certificate, but I can not find the right parameter. is there any way to add the following flag with "ipsec pki":

X509v3 Key Usage: critical
    Key Encipherment

Thank you.

History

#1 Updated by Tobias Brunner over 1 year ago

  • Status changed from New to Feedback

is there any way to add the following flag with "ipsec pki":

No, currently not. strongSwan only uses the CRLSign and DigitalSignature/NonRepudiation flags (the latter only when parsing and for compliance with RFC 4945). So when generating certificates the former is the only flag that can be controlled (for CA certificates the CRLSign and CertificateSign flags are added automatically).

#2 Updated by smina would over 1 year ago

that's what I feared. Thank you.

Also available in: Atom PDF