From c3b810d8b7b90c8c1d8f8d56c526d78b4e5c2fd1 Mon Sep 17 00:00:00 2001
From: Bernd Krietenstein <bernd.krietenstein@rohde-schwarz.com>
Date: Thu, 12 May 2022 14:36:48 +0200
Subject: [PATCH] Added KeyUsage `DigitalSignature` to CA certs.

---
 Makefile        | 4 +++-
 README.md       | 2 +-
 depot/cacert.go | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index e13e4ea..b035f58 100644
--- a/Makefile
+++ b/Makefile
@@ -20,6 +20,8 @@ SCEPSERVER=\
 
 my: scepclient-$(OSARCH) scepserver-$(OSARCH)
 
+win: scepclient-$(OSARCH).exe scepserver-$(OSARCH).exe
+
 docker: scepclient-linux-amd64 scepserver-linux-amd64
 
 $(SCEPCLIENT):
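Review bot: The new `win` target only resolves if `scepclient-$(OSARCH).exe` and `scepserver-$(OSARCH).exe` are names in the `$(SCEPCLIENT)` and `$(SCEPSERVER)` lists, which are defined outside this hunk. If `OSARCH` is derived from the build host, as the neighbouring `my` target suggests, `make win` on a non-Windows host would likely stop with "No rule to make target" rather than cross-compile. A comment above the rule such as `# win: host-native build on Windows, where the binaries carry .exe` would record that, or the prerequisites could name the Windows entries of those lists explicitly.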
@@ -48,4 +50,4 @@ test:
 test-race:
 	go test -cover -race ./...
 
-.PHONY: my docker $(SCEPCLIENT) $(SCEPSERVER) release clean test test-race
+.PHONY: my mywin docker $(SCEPCLIENT) $(SCEPSERVER) release clean test test-race
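Review bot: `.PHONY` now lists `mywin`, but the target added in the first Makefile hunk is `win`, so the new target is not declared phony and `mywin` names no rule. Make will treat `win` as a file target, and a file or directory of that name in the tree could interfere with it. The line should read `.PHONY: my win docker $(SCEPCLIENT) $(SCEPSERVER) release clean test test-race`.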
diff --git a/README.md b/README.md
index a84a2b9..d918909 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ Binary releases are available on the [releases page](https://github.com/micromdm
 To compile the SCEP client and server you will need [a Go compiler](https://golang.org/dl/) as well as standard tools like git, make, etc.
 
 1. Clone the repository and get into the source directory: `git clone https://github.com/micromdm/scep.git && cd scep`
-2. Compile the client and server binaries: `make`
+2. Compile the client and server binaries: `make` (for Windows: `make win`)
 
 The binaries will be compiled in the current directory and named after the architecture. I.e. `scepclient-linux-amd64` and `scepserver-linux-amd64`.
 
diff --git a/depot/cacert.go b/depot/cacert.go
index 260e63b..484d547 100644
--- a/depot/cacert.go
+++ b/depot/cacert.go
@@ -27,7 +27,9 @@ func NewCACert(opts ...CACertOption) *CACert {
 		organization:       "scep-ca",
 		organizationalUnit: "SCEP CA",
 		years:              10,
-		keyUsage:           x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
+		keyUsage: x509.KeyUsageCertSign |
+			x509.KeyUsageCRLSign |
+			x509.KeyUsageDigitalSignature,
 	}
 	for _, opt := range opts {
 		opt(c)
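Review bot: The default `keyUsage` now asserts `x509.KeyUsageDigitalSignature` on the CA certificate, but nothing at the field says why a CA key needs a usage beyond certificate and CRL signing. Presumably the SCEP server signs its responses with the CA key and strict clients check the bit; if the author confirms that, a comment such as `// digitalSignature: the CA key also signs SCEP responses; strict clients check this bit` would keep a later reviewer from trimming it back. The default appears to apply only to CA certificates created after this change, so an existing CA would have to be reissued to gain the bit, which deserves a line in the README. A test asserting the three bits on a freshly built `NewCACert()` would pin the default; the function starts before and continues past this hunk.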