Hi Sven,
according to section 5.1.3.12. "ExtendedKeyUsage" of RFC 4945
"The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX"
the IPsec User EKU is deprecated:
The CA SHOULD NOT include the ExtendedKeyUsage (EKU) extension in
certificates for use with IKE. Note that there
Hello!
We want to limit the usage of certificates by defining certain
"Extended Key Usage" (EKU) flags to them.
As an example, we want to set the "IPSec User" usage (1.3.6.1.5.5.7.3.7) and
only allow connection via IPSec, if it is set. We may use some other flags
out of our own space too.
How