Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Basic Constraints in CSRs #776

Open
ChristianBrandenburg opened this issue Nov 8, 2024 · 1 comment
Open

Basic Constraints in CSRs #776

ChristianBrandenburg opened this issue Nov 8, 2024 · 1 comment
Assignees
@shibayan
Labels
enhancement New feature or request

Comments

@ChristianBrandenburg
Copy link

Is your feature request related to a problem? Please describe.
I am trying to setup keyvault-acmebot with a custom CA (GlobalSign Atlas). Adding the Atlas endpoint is not a problem, but issuance of certificates fail due to OID 2.5.29.19/Basic Constraints being present in CSRs generated by keyvault-acmebot

Describe the solution you'd like
I would like CSRs not to be generated with OID 2.5.29.19/Basic Constraints. CA's usually ignore Basic Constraints (and Key usage extensions) in the CSRs they receive because they have to be added by CA's themselves according to their certificate profiles.
@ChristianBrandenburg ChristianBrandenburg added the enhancement New feature or request label Nov 8, 2024
@shibayan
Copy link
Owner

I don't know much about CSR, so I'm using the default values generated by Key Vault, but I don't understand what will improve and what the impact will be with this proposal.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shibayan shibayan

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shibayan @ChristianBrandenburg