ejbca

Missing extended key usage in Signserver but it is marked and critical during enrollment in EJBCA


I am trying to use EJBCA enrolled certificate in signserver. There is some problem during usage it in timestamping. It gives this error using command signserver getstatus brief all

Errors:
      - Missing extended key usage timeStamping
      - The extended key usage extension must be present and marked as critical

Although when I checked certificate profile timestamping extended key usage is marked and critical. Is there any way that I could enroll with timestamping?

OS version: Windows Server 2016
Java: OpenJDK 8.0.242.08
Ant: ant 1.9.14
Database: MariaDB 10.4.12
Server: Wildfly 10.1.0
Signserver: 5.2.0 EJBCA: Community 6.15.2.6

https://pastebin.com/bkpNBvc1

enter image description here


Solution

  • This error persisted because I used one CN and Alias (or Friendly Name for OpenSSL) For issuer and subject. As it seems it was using the issuer certificate which obviously doesn't have timestamping extended key usage and was giving same Missing extended key usage timeStamping error despite all the previous tries.