'Signing a CSR fails with extended key usage set to critical

I have the following Root CA certificate:

  • basic constraints: critical,ca:true
  • key usage: keycertsign,crlsign

I'm trying to set the extended key usage to critical

Unfortunately, I can only sign the CSR with the value mentioned above not set.

I do have 2 questions:

  • Is my current configuration correct considering what I'm trying to achieve? I assume it is since the keycertsign value is indeed in the list of the key usage.
  • Does the RSA key pair used to generate the Root CA certificate need to have a specific configuration? The RSA key pair currently only have sign/verify operations

Thanks you very much in advance guys.

cryptographycertificatepkcs#11pkcs#12self-signed-certificate


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Convert this Nodejs Function to C# Function

System.ArgumentNullException: 'String reference not set to an instance of a String. Parameter name: s'

What Salt size and position for AES 256?

One-to-one integer mapping function

Getting Started with crypto++ decryption with AES

Flutter - How to decrypt a RSA private key encrypted string if we have RSA public key with us?

Python cryptography -- How to include X509 extensions for "Subject Key Identifier" and "Authority Key Identifier" in a self-signed cert?

ECDH with HKDF using c#

Get IV size for a specific cipher in node.js

Is there a way to seed a cryptographically secure RNG engine in rust using a [u8; 64] array?

Does the size of the prime number in Shamir's Secret Sharing affect the security of the sharding?

How to transfer custom SPL token by '@solana/web3.js' and '@solana/sol-wallet-adapter'

How to apply Shamir's Secret Sharing on strings passwords

pyconfig.h missing during "pip install cryptography"

from field must match key's x, but it was y