SCEP profiles fail if SCEP CA certificate has KeyUsage attributes

Number:rdar://37901724 Date Originated:
Status: Resolved:
Product:Server Product Version:17E160e
Classification: Reproducible:Always
If my SCEP CA has a KeyUsage attribute the installation of a SCEP profile will fail.

from openssl output:
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign

Steps to Reproduce:

Start a SCEP server with this key and cert: (see attachment
(the password for the private key is "secret")

Expected Results:

SCEP profile is installed. 

Actual Results:

SCEP profile install fails after the GetCACert step



additional info can be found here


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!