-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
X509v3 extensions from certificate not transferred to CSR #122
Comments
This was referenced Sep 10, 2023
EKU params are being passed into CSRs as of #264 We can leave this open for a more general solution but I thought it would be helpful for you to know this since extended key usages was the usecase mentioned in the original issue text. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
After creating a certificate with several X509v3 extensions (e.g. X509v3 Extended Key Usage: TLS Web Client Authentication), I create a certificate signing request using e.g.
certificate.serialize_request_der()
However, the certificate signing request does not contain the extensions. This is in line with an earlier issue in OpenSSL, where extensions from the certificate were not transferred to the CSR and vice versa. This appears to have been fixed by now: openssl/openssl#10458
Do you plan to add a feature to copy X509v3 extensions from the certificate into the CSR?
Thanks.
The text was updated successfully, but these errors were encountered: