diff --git a/cas/cloudcas/certificate.go b/cas/cloudcas/certificate.go
index c29eee60..4bbec946 100644
--- a/cas/cloudcas/certificate.go
+++ b/cas/cloudcas/certificate.go
@@ -38,15 +38,9 @@ var extraExtensions = [...]asn1.ObjectIdentifier{
 
 var (
 	oidExtKeyUsageAny                            = asn1.ObjectIdentifier{2, 5, 29, 37, 0}
-	oidExtKeyUsageServerAuth                     = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1}
-	oidExtKeyUsageClientAuth                     = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 2}
-	oidExtKeyUsageCodeSigning                    = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 3}
-	oidExtKeyUsageEmailProtection                = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 4}
 	oidExtKeyUsageIPSECEndSystem                 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 5}
 	oidExtKeyUsageIPSECTunnel                    = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 6}
 	oidExtKeyUsageIPSECUser                      = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 7}
-	oidExtKeyUsageTimeStamping                   = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 8}
-	oidExtKeyUsageOCSPSigning                    = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 9}
 	oidExtKeyUsageMicrosoftServerGatedCrypto     = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 10, 3, 3}
 	oidExtKeyUsageNetscapeServerGatedCrypto      = asn1.ObjectIdentifier{2, 16, 840, 1, 113730, 4, 1}
 	oidExtKeyUsageMicrosoftCommercialCodeSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 22}
diff --git a/cas/cloudcas/cloudcas.go b/cas/cloudcas/cloudcas.go
index e6aa9a49..f8679fe8 100644
--- a/cas/cloudcas/cloudcas.go
+++ b/cas/cloudcas/cloudcas.go
@@ -31,11 +31,6 @@ type CertificateAuthorityClient interface {
 	RevokeCertificate(ctx context.Context, req *pb.RevokeCertificateRequest, opts ...gax.CallOption) (*pb.Certificate, error)
 }
 
-var (
-	stepOIDRoot                 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 37476, 9000, 64}
-	stepOIDCertificateAuthority = append(asn1.ObjectIdentifier(nil), append(stepOIDRoot, 2)...)
-)
-
 // recocationCodeMap maps revocation reason codes from RFC 5280, to Google CAS
 // revocation reasons. Revocation reason 7 is not used, and revocation reason 8
 // (removeFromCRL) is not supported by Google CAS.
diff --git a/cas/cloudcas/cloudcas_test.go b/cas/cloudcas/cloudcas_test.go
index ca15e27f..1b2770af 100644
--- a/cas/cloudcas/cloudcas_test.go
+++ b/cas/cloudcas/cloudcas_test.go
@@ -343,7 +343,7 @@ func TestCloudCAS_createCertificate(t *testing.T) {
 		{"fail create id", fields{okTestClient(), testAuthorityName}, args{leaf, 24 * time.Hour, "request-id"}, nil, nil, true},
 	}
 
-	// Pre-calulate rand.Random
+	// Pre-calculate rand.Random
 	buf := new(bytes.Buffer)
 	setTeeReader(t, buf)
 	for i := 0; i < len(tests)-1; i++ {