Hi Thomas,
works as expected by just adding the OID to the YAML in the same way as
the MS Smartcard example, see
https://demo.openxpki.org/webui/index/#/openxpki/certificate!detail!identifier!ZRNtwNgidjpthdLgNZiF5o9US7w
Oliver
On 18.12.23 16:56, Thomas Schachtner via OpenXPKI-users wrote:
Hi there,
I would like to create certificates which can be used for code signing
in Microsoft Visual Studio.
I am not completely sure, why the certificates created by OpenXPKI are
not recognized as valid for code signing.
I compared a self-signed certificate (which is working) with an
OpenXPKI-generated one and I see one (relevant) difference:
I the working certificate there's a basic constraint
"1.3.6.1.4.1.311.10.3.13" included. This OID is not present in my
certificate profile definition.
How can I add it? I already tried to add the OID directly, but that
did not seem to work.
Here are my current extensions for the "code signing" certificate profile:
extensions:
key_usage:
critical: 1
digital_signature: 1
non_repudiation: 1
key_encipherment: 1
data_encipherment: 0
key_agreement: 0
key_cert_sign: 0
crl_sign: 0
encipher_only: 0
decipher_only: 0
extended_key_usage:
critical: 1
client_auth: 1
server_auth: 0
email_protection: 1
code_signing: 1
time_stamping: 1
ocsp_signing: 0
# MS Smartcard Logon
1.3.6.1.4.1.311.20.2.2: 1
basic_constraints:
critical: 1
ca: 0
How can I add the OID 1.3.6.1.4.1.311.20.2.2 as additional extended
key usage?
Best
Tom
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
