search

hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/
Other
31.18k stars 4.21k forks source link

Extended Key Usage as critical extension #9779

Open lainosantos opened 4 years ago

lainosantos commented 4 years ago

Is your feature request related to a problem? Please describe. There is no way to mark the Extended Key Usage as critical in Vault.

Describe the solution you'd like An option to mark Extended Key Usage as critical

Describe alternatives you've considered Now the only way is sign (verbatim) CSR. May be a checkbox in UI or a param in API.

Explain any additional use-cases In some cases, like timestamping server (https://www.ietf.org/rfc/rfc3161.txt, topic 2.3), this extesnsion should be marked as critical.

HridoyRoy commented 3 years ago

Hi @lainosantos . This definitely makes sense to me as an optimization. Thanks for filing the issue!

germanrio commented 1 year ago

I'm having the same exact issue with timestamp certificates, would be nice to be able to mark the extension as critical. Thanks.