micromdm / scep

Go SCEP server
MIT License

Feature Request - Adding Key Attributes to CSR (SCEP Client) #194

Open brokoler opened 2 years ago

brokoler commented 2 years ago

Hello,

I would like to ask if it is possible to add specific Key Usage and Extended Key Usage attributes to the CSR generated by the SCEP client. For example, I would like to add the Key Usage options "CRL Sign" and "Certificate Sign".

From my testing, the following attributes are set in the default CSR generated by the Go SCEP client: [image]

It would be great if the Go SCEP client added multiple configuration parameters to set the values. As long as this is not possible, is the client compatible with a manually generated CSR?

Reason for my request: I'm using Aruba Clearpass as a SCEP server which is working with the client application, but it's not possible to set the Key Usage attributes for clients on my CA itself.

Best regards

brokoler commented 2 years ago

Alternatively, would it be possible to add the following parameter?

-existing-csr string path to existing csr, which is used for SCEP request

I only see the option to import an existing private key.

avanide commented 1 month ago

Hi, did you find a solution? I would like to change the key usage too. I see the client has an option "-certificate string". Could it be used to create the certificate "by hand" before requesting the signature (CSR)?

jessepeterson commented 1 month ago

I'd recommend taking a look at smallstep's CA: https://github.com/smallstep/certificates

Thanks!