Update: The CertificateExtension.EnhancedKeyUsage
method has been added in Rebex Security 2014 R3, which means the code below is no longer needed.
This looks like an omission on our part. We wanted to add a CertificateExtension.EnhancedKeyUsage method (similar to CertificateExtension.KeyUsage), but never actually implemented it, even though we support extended/enhanced key usage extension in other parts of our library.
Fortunately, a workaround for this is not too complicated:
// construct a sequence of a single extended key usage item
// (see http://www.alvestrand.no/objectid/2.5.29.37.html for details)
var oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.2"); //Client Authentication
byte[] rawOid = oid.ToArray(true);
byte[] rawOidList = new byte[rawOid.Length + 2];
rawOidList[0] = 0x30; // sequence
rawOidList[1] = (byte)rawOid.Length; // length (OID length should fit into one byte)
rawOid.CopyTo(rawOidList, 2);
// add a non-critical "extended key usage" extension with the raw OID list
csr.CertificateExtensions.Add(new CertificateExtension("2.5.29.37", false, rawOidList));
If you would like to try a beta of our library when we add CertificateExtension.EnhancedKeyUsage method, please let me know. Thanks for bringing this to our attention!