Hi,

I'm trying to enroll my router with dogtag CA through scep. On router I have 2 different rsa keypairs, one of which is to be used onyl for signing and the other for key encipherment. The router sends scep requests for each of these keys and 2 certificates are expected at the end. I need the key usage extension from the server for this. I need some help in editing the profile for this. I tried editing caRouterCert.cfg file with different values for defaults and constraints, but I couldnt see how to get the final cert o have just what was in the request. If I put default as true for both, then both of them would be in the cert request in both requests sent by router, and when its false none would be there. Any help regarding how to achieve this would be greatly appreciated

Thanks

Akshath