SCEP profiles fail if SCEP CA certificate has KeyUsage attributes

Originator:vrancean
Number:rdar://37901724 Date Originated:
Status: Resolved:
Product:Server Product Version:17E160e
Classification: Reproducible:Always
 
Summary:
If my SCEP CA has a KeyUsage attribute the installation of a SCEP profile will fail.

from openssl output:
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign

Steps to Reproduce:

Start a SCEP server with this key and cert: (see attachment
(the password for the private key is "secret")



Expected Results:

SCEP profile is installed. 

Actual Results:

SCEP profile install fails after the GetCACert step

Version/Build:
10.13.4/17E160e

Configuration:

additional info can be found here https://github.com/groob/mac-scep-playground

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!