Generate CSR with X509v3 Extended Key Usage: TLS Web Client Authentication

Hello friends!

Do you know if it is possible to generate CSR to have X509v3 Extended Key Usage: TLS Web Client Authentication? I tried to look for it, but can’t find.

Best Regards!

Hi @treeze!

As mentioned here, Mbed TLS is now maintained under open governance at Please post your questions there next time, if there are not related to Mbed OS or Pelion.

Teher is no direct API for writing Extended Key Usage extension for CSR, however you can use the mbedtls_x509write_csr_set_extension() APi to write any extension you want to the CSR. You can look how it is done for key_usage extension, and do something similar.
Mbed Support