diff --git a/smx509/root_windows.go b/smx509/root_windows.go
index aa4c9b4..476aa9d 100644
--- a/smx509/root_windows.go
+++ b/smx509/root_windows.go
@@ -208,11 +208,11 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
 
 	keyUsages := opts.KeyUsages
 	if len(keyUsages) == 0 {
-		keyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+		keyUsages = []ExtKeyUsage{ExtKeyUsageServerAuth}
 	}
 	oids := make([]*byte, 0, len(keyUsages))
 	for _, eku := range keyUsages {
-		if eku == x509.ExtKeyUsageAny {
+		if eku == ExtKeyUsageAny {
 			oids = nil
 			break
 		}
diff --git a/smx509/verify.go b/smx509/verify.go
index 45ef892..a52c375 100644
--- a/smx509/verify.go
+++ b/smx509/verify.go
@@ -554,12 +554,12 @@ func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err e
 
 	keyUsages := opts.KeyUsages
 	if len(keyUsages) == 0 {
-		keyUsages = []ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+		keyUsages = []ExtKeyUsage{ExtKeyUsageServerAuth}
 	}
 
 	// If any key usage is acceptable then we're done.
 	for _, usage := range keyUsages {
-		if usage == x509.ExtKeyUsageAny {
+		if usage == ExtKeyUsageAny {
 			return candidateChains, nil
 		}
 	}
@@ -846,7 +846,7 @@ NextCert:
 		}
 
 		for _, usage := range cert.ExtKeyUsage {
-			if usage == x509.ExtKeyUsageAny {
+			if usage == ExtKeyUsageAny {
 				// The certificate is explicitly good for any usage.
 				continue NextCert
 			}
@@ -863,9 +863,9 @@ NextCert:
 			for _, usage := range cert.ExtKeyUsage {
 				if requestedUsage == usage {
 					continue NextRequestedUsage
-				} else if requestedUsage == x509.ExtKeyUsageServerAuth &&
-					(usage == x509.ExtKeyUsageNetscapeServerGatedCrypto ||
-						usage == x509.ExtKeyUsageMicrosoftServerGatedCrypto) {
+				} else if requestedUsage == ExtKeyUsageServerAuth &&
+					(usage == ExtKeyUsageNetscapeServerGatedCrypto ||
+						usage == ExtKeyUsageMicrosoftServerGatedCrypto) {
 					// In order to support COMODO
 					// certificate chains, we have to
 					// accept Netscape or Microsoft SGC
diff --git a/smx509/verify_test.go b/smx509/verify_test.go
index 5753de5..edc0592 100644
--- a/smx509/verify_test.go
+++ b/smx509/verify_test.go
@@ -26,7 +26,7 @@ type verifyTest struct {
 	dnsName       string
 	systemSkip    bool
 	systemLax     bool
-	keyUsages     []x509.ExtKeyUsage
+	keyUsages     []ExtKeyUsage
 
 	errorCallback  func(*testing.T, error)
 	expectedChains [][]string
@@ -135,7 +135,7 @@ var verifyTests = []verifyTest{
 		intermediates: []string{startComIntermediate},
 		roots:         []string{startComRoot},
 		currentTime:   1302726541,
-		keyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
+		keyUsages:     []ExtKeyUsage{ExtKeyUsageAny},
 
 		expectedChains: [][]string{
 			{"dnssec-exp", "StartCom Class 1", "StartCom Certification Authority"},
@@ -184,7 +184,7 @@ var verifyTests = []verifyTest{
 		intermediates: []string{smimeIntermediate},
 		roots:         []string{smimeRoot},
 		currentTime:   1594673418,
-		keyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		keyUsages:     []ExtKeyUsage{ExtKeyUsageServerAuth},
 
 		errorCallback: expectUsageError,
 	},
@@ -194,7 +194,7 @@ var verifyTests = []verifyTest{
 		intermediates: []string{smimeIntermediate},
 		roots:         []string{smimeRoot},
 		currentTime:   1594673418,
-		keyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
+		keyUsages:     []ExtKeyUsage{ExtKeyUsageEmailProtection},
 
 		expectedChains: [][]string{
 			{"CORPORATIVO FICTICIO ACTIVO", "EAEko Herri Administrazioen CA - CA AAPP Vascas (2)", "IZENPE S.A."},
@@ -1722,7 +1722,7 @@ func generateCert(cn string, isCA bool, issuer *x509.Certificate, issuerKey cryp
 		NotAfter:     time.Now().Add(24 * time.Hour),
 
 		KeyUsage:              KeyUsageKeyEncipherment | KeyUsageDigitalSignature | KeyUsageCertSign,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		ExtKeyUsage:           []ExtKeyUsage{ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
 		IsCA:                  isCA,
 	}
diff --git a/smx509/x509_test.go b/smx509/x509_test.go
index 34620e3..b214135 100644
--- a/smx509/x509_test.go
+++ b/smx509/x509_test.go
@@ -463,7 +463,7 @@ func TestCreateSelfSignedCertificate(t *testing.T) {
 		{"SM2", &sm2Priv.PublicKey, sm2Priv, true, SM2WithSM3},
 	}
 
-	testExtKeyUsage := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}
+	testExtKeyUsage := []ExtKeyUsage{ExtKeyUsageClientAuth, ExtKeyUsageServerAuth}
 	testUnknownExtKeyUsage := []asn1.ObjectIdentifier{[]int{1, 2, 3}, []int{2, 59, 1}}
 	extraExtensionData := []byte("extra extension")
 
@@ -1654,7 +1654,7 @@ func TestUnknownExtKey(t *testing.T) {
 	template := &x509.Certificate{
 		SerialNumber: big.NewInt(10),
 		DNSNames:     []string{"foo"},
-		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsage(-1)},
+		ExtKeyUsage:  []ExtKeyUsage{ExtKeyUsage(-1)},
 	}
 	signer, err := rsa.GenerateKey(rand.Reader, 1024)
 	if err != nil {