MelissaLee-2410 avatar image
0 Votes"
MelissaLee-2410 asked ·

How to remove Enhanced Key Usage using New-SelfSignedCertificate


After running the following command, the Extended Key Usage / Enhanced Key Usage is showing both client and server authorization for the Root CA and Intermediate CA.
How do I remove this option for Root CAs and Intermediate CAs, as CAs should not have these options. What other parameters should be added into the New-SelfSignedCertificate to remove the option below? Client Authentication ( Server Authentication (


Windows 10 Power Shell v5 openssl 1.1.1

$RootCA = New-SelfSignedCertificate -Subject 'CN=KeyCARootCN,O=Test Organisation, OU=Test RootCA,C=AU' -KeyLength 2048 -KeyAlgorithm 'RSA' -HashAlgorithm 'SHA256' -KeyExportPolicy Exportable -KeyUsage KeyEncipherment,DataEncipherment,CertSign,DigitalSignature,CRLSign -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' -NotAfter (Get-Date).AddYears(40) -KeyUsageProperty All -TextExtension @(“ ={critical} {text}ca=1&pathlength=5”) -CertStoreLocation Cert:\LocalMachine\My
$RootCAthumbprint = $RootCA.Thumbprint

$CertRootCAPassword = ConvertTo-SecureString -String “Test123” -Force –AsPlainText
$CertRootCAFilePFX = Export-PfxCertificate -Cert cert:\LocalMachine\My\$RootCAthumbprint -FilePath C:\Users\KeyCARoot.pfx -Password $CertRootCAPassword

$CertRootCAFileCER = Export-Certificate -Cert $RootCA -FilePath C:\Users\KeyCARoot.cer

$CertRootCAPath = 'C:\Users\KeyCARoot.cer'

· 2
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Do you see the Extended Key Usage when the OID specified in -TextExtension in your script is Basic Constraints

0 Votes 0 ·

0 Answers