when any certificate request with "KeyUsage=0xA6" Enterprise CA is not generating "Key Encipherment" but Standalone CA is able to generating "Key Encipherment" - is it by design
[Version]
Signature=$Windows NT$
[NewRequest]
Subject = "blabla.com"
Exportable = TRUE
Keyusage= 0xA6 ; or used test like CERT_KEY_ENCIPHERMENT_KEY_USAGE | CERT_KEY_CERT_SIGN_KEY_USAGE | CERT_OFFLINE_CRL_SIGN_KEY_USAGE | CERT_CRL_SIGN_KEY_USAGE
if i submit the request to Enterprise CA it is only resulting 0x86 i.e., Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)
but the same request if i submit to Stand Alone CA it is coming back with 0xA6 i.e., Digital Signature, Key Encipherment, Certificate Signing, Off-line CRL Signing, CRL Signing (a6)
should I read http://www.ietf.org/rfc/rfc3280.txt and keep quite or any product by design with MSPKI (ADCS)