Search code examples
sslcertificatedigital-signaturemmc

Warning on certificate keyUsage

I have created a certificate using MMC console and assigned it to a website. However, when I view the certificate there is a warning icon on the KeyUsage part. You can see this in the below screenshot:

enter image description here

Also, I'm getting error in one of the applications that - KeyUsage does not allow digital signatures.

Why is the Microsoft certificate tool warning on keyUsage? What is wrong with it or what should I do to fix it?

Solution

  • That icon is used to represent a certificate extension that is marked as "critical", it doesn't mean that there's something wrong with it. https://support.quovadisglobal.com/kb/a92/what-is-the-caution-symbol-next-to-the-extension-name.aspx.

    Critical extensions a perfectly normal. https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.3 says that for Key Usage:

    When present, conforming CAs SHOULD mark this extension as critical.