SCEP profiles fail if SCEP CA certificate has KeyUsage attributes
Originator: | vrancean | ||
Number: | rdar://37901724 | Date Originated: | |
Status: | Resolved: | ||
Product: | Server | Product Version: | 17E160e |
Classification: | Reproducible: | Always |
Summary: If my SCEP CA has a KeyUsage attribute the installation of a SCEP profile will fail. from openssl output: X509v3 extensions: X509v3 Key Usage: critical Certificate Sign Steps to Reproduce: Start a SCEP server with this key and cert: (see attachment (the password for the private key is "secret") Expected Results: SCEP profile is installed. Actual Results: SCEP profile install fails after the GetCACert step Version/Build: 10.13.4/17E160e Configuration: additional info can be found here https://github.com/groob/mac-scep-playground
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!