Layer 7 API Management

Certificate Key Usage or Extended Key Usage Disallowed

  • 1.  Certificate Key Usage or Extended Key Usage Disallowed

    Posted 08-29-2016 08:28 AM



    We are getting the below error while verifying a signature using the certificate given by the counterparty:

    Certificate key usage or extended key usage disallowed by key usage enforcement policy for activity


    Key Usage of Certificate : Digital Signature, Non-Repudiation (c0)

    Enhanced Key Usage of Certificate : Secure Email (
    Document Signing (
    Unknown Key Usage (1.2.840.113583.1.1.5)


    Is there a specific list of key usages that will be allowed for verification? If yes, is there any way to override that? Please help.




  • 2.  Re: Certificate Key Usage or Extended Key Usage Disallowed
    Best Answer

    Posted 08-29-2016 03:08 PM



    The error indicates that the certificate includes further attributes that the Gateway can't handle by default. These attributes are inserted for a specific purpose. In order to handle such attributes, there are two options:

    Option 1: You can ignore key usage enforcement by setting the following cluster property:
    pkix.keyUsage = IGNORE
    ***Note: This will require a Gateway restart to go into effect***
    Details about this cluster-wide property can be found here:

    Option 2: You can implement your own key usage enforcement policy based on the information here:




    Stephen Hughes

    Director, CA Support
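
Added example (not part of the original thread and not the Gateway's own code): a small model of RFC 5280-style key usage enforcement, showing why a certificate like the one in the question fails a strict policy and how a per-activity allowance differs from ignoring key usage entirely. The policy tables and the activity name `verifySignature` are hypothetical; the OIDs for Secure Email and Document Signing are the standard values, and the certificate data is constructed from the question.

```python
# Hypothetical per-activity key usage policy check (RFC 5280 semantics).
# KeyUsage bit names in RFC 5280 order; bit 0 is the most significant bit.
KU_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
           "dataEncipherment", "keyAgreement", "keyCertSign",
           "cRLSign", "encipherOnly"]

ANY_EKU = "2.5.29.37.0"                  # anyExtendedKeyUsage
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"        # id-kp-serverAuth
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"        # id-kp-clientAuth
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"   # id-kp-emailProtection ("Secure Email")
DOC_SIGNING = "1.3.6.1.4.1.311.10.3.12"  # Microsoft Document Signing
ADOBE_EKU = "1.2.840.113583.1.1.5"       # "Unknown Key Usage" OID from the question


def decode_key_usage(first_octet):
    """Return the KeyUsage names set in the first octet, e.g. 0xC0."""
    return [n for i, n in enumerate(KU_BITS) if first_octet & (0x80 >> i)]


def check(policy, activity, ku_octet, eku_oids):
    """Return (allowed, reason). Pass None for an absent extension."""
    rule = policy[activity]
    if ku_octet is not None:
        if not set(decode_key_usage(ku_octet)) & rule["ku_any_of"]:
            return False, "key usage lacks " + "/".join(sorted(rule["ku_any_of"]))
    if eku_oids is not None:
        # If EKU is present, at least one listed purpose must be permitted.
        if not (rule["eku_any_of"] | {ANY_EKU}) & set(eku_oids):
            return False, "no permitted extended key usage"
    return True, "ok"


SIGNING_KU = {"digitalSignature", "nonRepudiation"}
# Hypothetical strict policy that recognizes only TLS purposes.
DEFAULT = {"verifySignature": {"ku_any_of": SIGNING_KU,
                               "eku_any_of": {SERVER_AUTH, CLIENT_AUTH}}}
# Scoped override: additionally accept Secure Email for this activity only.
CUSTOM = {"verifySignature": {"ku_any_of": SIGNING_KU,
                              "eku_any_of": {SERVER_AUTH, CLIENT_AUTH,
                                             EMAIL_PROTECTION}}}

# Constructed input modelled on the question: KU (c0) plus three EKUs.
CERT_KU = 0xC0
CERT_EKUS = [EMAIL_PROTECTION, DOC_SIGNING, ADOBE_EKU]

if __name__ == "__main__":
    print(decode_key_usage(CERT_KU))
    print("default:", check(DEFAULT, "verifySignature", CERT_KU, CERT_EKUS))
    print("custom: ", check(CUSTOM, "verifySignature", CERT_KU, CERT_EKUS))
```

Unlike `pkix.keyUsage = IGNORE`, the scoped policy in this model still rejects a certificate whose key usage does not permit signing.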