TD0353: Guidance for Certificate Profiles
Test 4 for FDP_CER_EXT.1.1 as written violates AGD guidance.
Test 4 for FDP_CER_EXT.1.1 is modified as follows:
Test 4: For each extendedKeyUsage value defined in section 22.214.171.124 of RFC 5280, the evaluator shall attempt to configure a certificate profile with each inconsistent keyUsage for that extendedKeyUsage field. If the CA rejects the attempt to create such a profile, then the test succeeds. If the creation of such a profile is allowed within the constraints of the AGD, the evaluator shall submit a certificate request using the profile, and show that the TSF does not issue the certificate.
Test 4 should is rewritten to ensure AGD guidance is not violated