diff --git a/opc-ua-stack/stack-core/src/main/java/org/eclipse/milo/opcua/stack/core/util/validation/CertificateValidationUtil.java b/opc-ua-stack/stack-core/src/main/java/org/eclipse/milo/opcua/stack/core/util/validation/CertificateValidationUtil.java index 04b7d0509f..ea893132bc 100644 --- a/opc-ua-stack/stack-core/src/main/java/org/eclipse/milo/opcua/stack/core/util/validation/CertificateValidationUtil.java +++ b/opc-ua-stack/stack-core/src/main/java/org/eclipse/milo/opcua/stack/core/util/validation/CertificateValidationUtil.java @@ -348,19 +348,6 @@ private static void checkAnchorValidity( ); } } - } else { - try { - checkIssuerKeyUsage(anchorCert); - } catch (UaException e) { - if (validationChecks.contains(ValidationCheck.KEY_USAGE_ISSUER)) { - throw e; - } else { - LOGGER.warn( - "check suppressed: certificate failed issuer KeyUsage check: {}", - anchorCert.getSubjectX500Principal().getName() - ); - } - } } } @@ -613,42 +600,6 @@ public static void checkEndEntityExtendedKeyUsage( } } - public static void checkIssuerKeyUsage(X509Certificate certificate) throws UaException { - boolean[] keyUsage = certificate.getKeyUsage(); - - if (keyUsage == null) { - throw new UaException( - StatusCodes.Bad_CertificateIssuerUseNotAllowed, - "KeyUsage extension not found" - ); - } - - boolean digitalSignature = keyUsage[0]; - boolean keyCertSign = keyUsage[5]; - boolean crlSign = keyUsage[6]; - - if (!digitalSignature) { - throw new UaException( - StatusCodes.Bad_CertificateIssuerUseNotAllowed, - "required KeyUsage 'digitalSignature' not found" - ); - } - - if (!keyCertSign) { - throw new UaException( - StatusCodes.Bad_CertificateIssuerUseNotAllowed, - "required KeyUsage 'keyCertSign' not found" - ); - } - - if (!crlSign) { - throw new UaException( - StatusCodes.Bad_CertificateIssuerUseNotAllowed, - "required KeyUsage 'cRLSign' not found" - ); - } - } - /** * Validate that the application URI matches the SubjectAltName URI in the given certificate. * 
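Review bot: In the first hunk, once the `else` branch is removed a trust anchor that is not handled by the preceding `if` in checkAnchorValidity passes with no KeyUsage inspection at all, and PKIX path validation does not examine the trust anchor's own extensions, so an entry in the trusted-issuer store whose KeyUsage lacks `keyCertSign` (an end-entity certificate installed as an issuer by mistake, say) would presumably now be accepted as an issuer — confirm that nothing upstream rejects it. If the motivation is only that the old check was stricter than the profile (requiring `digitalSignature` on a CA, which I believe neither RFC 5280 nor OPC UA requires), a minimal anchor check would keep the safety property without the interop problem: `boolean[] ku = anchorCert.getKeyUsage(); if (ku != null && !ku[5]) { throw new UaException(StatusCodes.Bad_CertificateIssuerUseNotAllowed, "required KeyUsage 'keyCertSign' not found"); }`, wrapped in the same suppression-with-warning logic the deleted branch had. Either way, the remaining code deserves a comment stating where issuer KeyUsage is now enforced, e.g. `// Issuer KeyUsage is no longer checked here; keyCertSign on path CAs is left to the PKIX validator, the anchor itself is not checked.`. The signature of checkAnchorValidity and the branch that precedes the removed `else` are outside the hunk.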
diff --git a/opc-ua-stack/stack-core/src/main/java/org/eclipse/milo/opcua/stack/core/util/validation/OpcUaCertificateUsageChecker.java b/opc-ua-stack/stack-core/src/main/java/org/eclipse/milo/opcua/stack/core/util/validation/OpcUaCertificateUsageChecker.java index b539d11009..55919e8dfc 100644 --- a/opc-ua-stack/stack-core/src/main/java/org/eclipse/milo/opcua/stack/core/util/validation/OpcUaCertificateUsageChecker.java +++ b/opc-ua-stack/stack-core/src/main/java/org/eclipse/milo/opcua/stack/core/util/validation/OpcUaCertificateUsageChecker.java @@ -125,33 +125,6 @@ public void check(Certificate cert, Collection unresolvedCritExts) throw ); } } - } else { - try { - CertificateValidationUtil.checkIssuerKeyUsage((X509Certificate) cert); - - LOGGER.debug( - "validated KeyUsage for issuer: {}", - ((X509Certificate) cert).getSubjectX500Principal().getName() - ); - } catch (UaException e) { - if (validationChecks.contains(ValidationCheck.KEY_USAGE_ISSUER) || - criticalExtensions.contains(KEY_USAGE_OID) - ) { - - throw new CertPathValidatorException( - e.getMessage(), - e, - certPath, - certPath.getCertificates().indexOf(cert), - PKIXReason.INVALID_KEY_USAGE - ); - } else { - LOGGER.warn( - "check suppressed: certificate failed issuer usage check: {}", - ((X509Certificate) cert).getSubjectX500Principal().getName() - ); - } - } } if (unresolvedCritExts != null && !unresolvedCritExts.isEmpty()) { diff --git a/opc-ua-stack/stack-core/src/main/java/org/eclipse/milo/opcua/stack/core/util/validation/ValidationCheck.java b/opc-ua-stack/stack-core/src/main/java/org/eclipse/milo/opcua/stack/core/util/validation/ValidationCheck.java index e665d13814..e7b4ead9de 100644 --- a/opc-ua-stack/stack-core/src/main/java/org/eclipse/milo/opcua/stack/core/util/validation/ValidationCheck.java +++ b/opc-ua-stack/stack-core/src/main/java/org/eclipse/milo/opcua/stack/core/util/validation/ValidationCheck.java 
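Review bot: After this hunk check() inspects KeyUsage only on the end-entity branch, so for CA certificates in the path this PKIXCertPathChecker does nothing, yet the `unresolvedCritExts` handling that follows the removed block (its body is outside the hunk) still runs for those certificates; if that code, or getSupportedExtensions(), still reports KEY_USAGE_OID as handled by this checker, a critical KeyUsage on an intermediate will be marked resolved without this class having looked at it — please confirm it is only cleared when the extension was actually examined. The remaining guarantee, as far as I can tell, is the JDK's built-in PKIX key-usage check, which enforces `keyCertSign` on CA certificates only when the extension is present and does not enforce `cRLSign` outside CRL signature verification; that is a weaker contract than the deleted branch, which also hard-failed a critical KeyUsage with missing bits, and it is worth spelling out so the next reader does not assume the checker still covers issuers, e.g. `// CA certificates are not checked here: keyCertSign is enforced by the JDK PKIX validator when KeyUsage is present; cRLSign is only verified when CRL signatures are checked.`. The check() method starts and ends outside the hunk.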
@@ -43,13 +43,6 @@ public enum ValidationCheck { */ EXTENDED_KEY_USAGE_END_ENTITY, - /** - * The KeyUsage extension must be present and checked for CA certificates. - *

- * This check does not apply to self-signed end-entity certificates. - */ - KEY_USAGE_ISSUER, - /** * Revocation checking must happen. */