It appears that having a Key Usage ext on CSR triggers failure to parse the CSR on boulder side. Not always though, but only if “critical” is set. For example:
Requested Extensions: X509v3 Key Usage: Digital Signature, Key Encipherment
Requested Extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment
Could anyone on the dev team please confirm? Note - this is not the CSR generated by the client, this is an actual use case of CSR used with the client but generated by a specific networking equipment.