Hi there,
I would like to create certificates which can be used for code signing in
Microsoft Visual Studio.
I am not completely sure, why the certificates created by OpenXPKI are not
recognized as valid for code signing.
I compared a self-signed certificate (which is working) with an
OpenXPKI-generated one and I see one (relevant) difference:
I the working certificate there's a basic constraint
"1.3.6.1.4.1.311.10.3.13" included. This OID is not present in my
certificate profile definition.
How can I add it? I already tried to add the OID directly, but that did not
seem to work.
Here are my current extensions for the "code signing" certificate profile:
extensions:
key_usage:
critical: 1
digital_signature: 1
non_repudiation: 1
key_encipherment: 1
data_encipherment: 0
key_agreement: 0
key_cert_sign: 0
crl_sign: 0
encipher_only: 0
decipher_only: 0
extended_key_usage:
critical: 1
client_auth: 1
server_auth: 0
email_protection: 1
code_signing: 1
time_stamping: 1
ocsp_signing: 0
# MS Smartcard Logon
1.3.6.1.4.1.311.20.2.2: 1
basic_constraints:
critical: 1
ca: 0
How can I add the OID 1.3.6.1.4.1.311.20.2.2 as additional extended key
usage?
Best
Tom
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
