how to add X509v3 Key Usage : Key Encipherment
I allow myself to open this ticket which is neither a bug nor a Feature request. I hope you can help me :)
I would like to add a particular flag in my certificate, but I can not find the right parameter. is there any way to add the following flag with "ipsec pki":
X509v3 Key Usage: critical Key Encipherment
#1 Updated by Tobias Brunner over 2 years ago
- Status changed from New to Feedback
is there any way to add the following flag with "ipsec pki":
No, currently not. strongSwan only uses the CRLSign and DigitalSignature/NonRepudiation flags (the latter only when parsing and for compliance with RFC 4945). So when generating certificates the former is the only flag that can be controlled (for CA certificates the CRLSign and CertificateSign flags are added automatically).