I need to create a timestamping server authority. To do so, I need a certificate with the “timestamping” extension. I am trying to use cfssl to do that.
That was not the case in the certificate created with cfssl. I opened an issue cfssl#815
But searching in the code for creating a PR, I have a doubt :
Is it possible to define an extended key usage as critical ?
i have searched over the past few days but could not find how…
Note: According to RFC3161 sec 2.3 when signing a certificate for a time stamping usage, the extended key usage
Time Stamping must be
id-kp-timeStamping. This extension MUST be critical.
if I understood the code in
x509/buildExtensions(), Critical flag can not be set on extended key usage
There is the 13739 issue but it does not seems related.
I found a solution on how to proceed but seems ugly…
Is there a better way ?
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.