From aa863fe13ac2d85ce4ac074cc259bf29b7798e9a Mon Sep 17 00:00:00 2001 From: Bernd Krietenstein Date: Fri, 1 Dec 2023 18:49:29 +0100 Subject: [PATCH] Added KeyUsage `DigitalSignature` to CA certs. (#197) --- Makefile | 4 +++- README.md | 2 +- depot/cacert.go | 4 +++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index e13e4ea..b035f58 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,8 @@ SCEPSERVER=\ my: scepclient-$(OSARCH) scepserver-$(OSARCH) +win: scepclient-$(OSARCH).exe scepserver-$(OSARCH).exe + docker: scepclient-linux-amd64 scepserver-linux-amd64 $(SCEPCLIENT): @@ -48,4 +50,4 @@ test: test-race: go test -cover -race ./... -.PHONY: my docker $(SCEPCLIENT) $(SCEPSERVER) release clean test test-race +.PHONY: my mywin docker $(SCEPCLIENT) $(SCEPSERVER) release clean test test-race diff --git a/README.md b/README.md index 7875522..a4fb7ed 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Binary releases are available on the [releases page](https://github.com/micromdm To compile the SCEP client and server you will need [a Go compiler](https://golang.org/dl/) as well as standard tools like git, make, etc. 1. Clone the repository and get into the source directory: `git clone https://github.com/micromdm/scep.git && cd scep` -2. Compile the client and server binaries: `make` +2. Compile the client and server binaries: `make` (for Windows: `make win`) The binaries will be compiled in the current directory and named after the architecture. I.e. `scepclient-linux-amd64` and `scepserver-linux-amd64`. diff --git a/depot/cacert.go b/depot/cacert.go index 260e63b..484d547 100644 --- a/depot/cacert.go +++ b/depot/cacert.go @@ -27,7 +27,9 @@ func NewCACert(opts ...CACertOption) *CACert { organization: "scep-ca", organizationalUnit: "SCEP CA", years: 10, - keyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, + keyUsage: x509.KeyUsageCertSign | + x509.KeyUsageCRLSign | + x509.KeyUsageDigitalSignature, } for _, opt := range opts { opt(c)