X509v3 extensions from certificate not transferred to CSR #122
Comments
This was referenced Sep 10, 2023
|
EKU params are being passed into CSRs as of #264 We can leave this open for a more general solution but I thought it would be helpful for you to know this since extended key usages was the usecase mentioned in the original issue text. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
After creating a certificate with several X509v3 extensions (e.g. X509v3 Extended Key Usage: TLS Web Client Authentication), I create a certificate signing request using e.g.
certificate.serialize_request_der()However, the certificate signing request does not contain the extensions. This is in line with an earlier issue in OpenSSL, where extensions from the certificate were not transferred to the CSR and vice versa. This appears to have been fixed by now: openssl/openssl#10458
Do you plan to add a feature to copy X509v3 extensions from the certificate into the CSR?
Thanks.
The text was updated successfully, but these errors were encountered: