How to remove Enhanced Key Usage using New-SelfSignedCertificate
Hello,
After running the following command, the Extended Key Usage / Enhanced Key Usage is showing both client and server authorization for the Root CA and Intermediate CA.
How do I remove this option for Root CAs and Intermediate CAs, as CAs should not have these options. What other parameters should be added into the New-SelfSignedCertificate to remove the option below? Client Authentication (1.3.6.1.5.5.7.3.2) Server Authentication (1.3.6.1.5.5.7.3.1)
Thanks!
Windows 10 Power Shell v5 openssl 1.1.1
$RootCA = New-SelfSignedCertificate -Subject 'CN=KeyCARootCN,O=Test Organisation, OU=Test RootCA,C=AU' -KeyLength 2048 -KeyAlgorithm 'RSA' -HashAlgorithm 'SHA256' -KeyExportPolicy Exportable -KeyUsage KeyEncipherment,DataEncipherment,CertSign,DigitalSignature,CRLSign -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' -NotAfter (Get-Date).AddYears(40) -KeyUsageProperty All -TextExtension @(“2.5.29.19 ={critical} {text}ca=1&pathlength=5”) -CertStoreLocation Cert:\LocalMachine\My
$RootCA
$RootCAthumbprint = $RootCA.Thumbprint
$CertRootCAPassword = ConvertTo-SecureString -String “Test123” -Force –AsPlainText
$CertRootCAFilePFX = Export-PfxCertificate -Cert cert:\LocalMachine\My\$RootCAthumbprint -FilePath C:\Users\KeyCARoot.pfx -Password $CertRootCAPassword
$CertRootCAFileCER = Export-Certificate -Cert $RootCA -FilePath C:\Users\KeyCARoot.cer
$CertRootCAFileCER
$CertRootCAPath = 'C:\Users\KeyCARoot.cer'