CertService sets in code following key usage:
digitalSignature & keyEncipherment & nonRepudiation
but in request sent to CMPv2 server different bits are checked. Need to find out why and fix this.
Additionally CertService should send clientAuth & serverAuth in extendedKeyUsage extension.